Struts1 is completely safe to use since no OGNL involved, unfortunately people started misusing struts2 the way its easy to use, and its in a way to fix all the security holes found till now.
-- Thanks & Regards Sreekanth S Nair Java Developer ------------------------------------------- eGovernments Foundation <http://www.egovernments.org> Ph : 9980078913 ------------------------------------------- <http://in.linkedin.com/pub/sreekanth-s-nair/b/946/5a0/> <https://github.com/sreekanthsnair> <sreekanthsn...@hotmail.co.uk> <sreekanths...@gmail.com> ------------------------------------------- On Wed, Oct 7, 2015 at 12:36 AM, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2015-10-06 21:04 GMT+02:00 David Gawron <dgaw...@us.ibm.com>: > > Hello, > > > > I know that Struts1 and 2 are completely different code bases, but I was > > wondering if the technique used by the exploit described in the CVE and > > https://struts.apache.org/docs/s2-026.html could possibly apply to a > > Struts 1 deployment? There is no references to a ValueStack in the > Struts > > 1 code, but is there an equivalent feature that could be vulnerable? > > Nope, as far I know :) > > > Regards > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
