It's only "present" if you're using the Struts 1 plugin. Are you?
On Thu, Apr 28, 2016 at 6:34 PM, Anu Krishna Rajamohan <araj...@ncsu.edu> wrote: > Hi, > > As Apache Struts 1.x is pretty old and it suffers from many security > vulnerabilities, I decided to use a recent version of Apache Struts 2.x > (Struts 2.3.24.1). However, I find that struts-core-1.3.10 jar is present > in struts 2.x. Can you please let me know if the presence of this jar makes > Struts 2.x vulnerable to security issues such as CVE-2012-1007 > <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007>. > > Thanks and Best Regards, > Anu > -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton <https://twitter.com/dave_newton> b: Bucky Bits <http://buckybits.blogspot.com/> g: davelnewton <https://github.com/davelnewton> so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>
