You are probably correct on due to the different frameworks. If I do need to test Struts v1 where do I obtain the test instructions from? I could not find them when searching earlier.
Regards, Rayne IBM Watson Financial Services 10925 David Taylor Drive Charlotte, NC 28262-1040, US MG82/202 (704) 501-0331 From: Lukasz Lenart <lukaszlen...@apache.org> To: Struts Users Mailing List <user@struts.apache.org> Date: 08/21/2020 05:57 AM Subject: [EXTERNAL] Re: CVE-2019-0233 is Struts v1 vulnerable? pt., 21 sie 2020 o 11:30 Rayne Anderson <ray...@us.ibm.com> napisał(a): > > I know that Apache Struts File upload CVE-2019-0233 applies to Struts v2. > Does the CVE apply to Struts v1.3.8? I would say no as these are totally different frameworks but we didn't test Struts 1.3.8 against this vulnerability as Struts 1 has reached End-of-Life a few years ago. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
