A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series. It is possible to perform a Remote Code Execution attack if a given construction exists in the vulnerable application. Please read the security bulletin for more details and inspect your application.

- S2-048 Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series
  http://struts.apache.org/docs/s2-048.html
  http://struts.apache.org/announce.html#a20170707

NOTE: Please notice that this vulnerability does not affect applications using Struts 2.5.x series or applications that do not use the Struts 1 plugin. Even if the plugin is available but a certain code construction is not present, your application is safe.

On behalf of the Apache Struts project

Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/