Same as s2-025 from your ealier question. On Tue, Oct 6, 2015 at 3:05 PM, Dave Newton <davelnew...@gmail.com> wrote:
> Expressions aren't evaluated in S1; there is nothing like it I'm aware of. > > Dave > > > On Tue, Oct 6, 2015 at 3:04 PM, David Gawron <dgaw...@us.ibm.com> wrote: > >> Hello, >> >> I know that Struts1 and 2 are completely different code bases, but I was >> wondering if the technique used by the exploit described in the CVE and >> https://struts.apache.org/docs/s2-026.html could possibly apply to a >> Struts 1 deployment? There is no references to a ValueStack in the Struts >> 1 code, but is there an equivalent feature that could be vulnerable? >> >> -Dave- >> >> ---------------------------------------------------------------------- >> Dave Gawron >> Architect, WebSphere Portlet Factory >> 978-899-2171 T/L 276-2171 >> dgaw...@us.ibm.com >> >> "Perfection is achieved, not when there is nothing more to add, but when >> there is nothing left to take away." >> -- Antoine de Saint-Exupéry >> >> > > > -- > e: davelnew...@gmail.com > m: 908-380-8699 > s: davelnewton_skype > t: @dave_newton <https://twitter.com/dave_newton> > b: Bucky Bits <http://buckybits.blogspot.com/> > g: davelnewton <https://github.com/davelnewton> > so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton> > > -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton <https://twitter.com/dave_newton> b: Bucky Bits <http://buckybits.blogspot.com/> g: davelnewton <https://github.com/davelnewton> so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>
