You’d need to create a variation of one of the PoCs, you can likely search around for one. That said—I don’t see how S1 could be vulnerable since it’s a completely different mechanism. In general, no S2 vulnerabilities will apply to S1 *ever* unless it’s explicitly related to a dependent library—there’s no real relationship between S1 and S2.
On Fri, Aug 21, 2020 at 15:39 Rayne Anderson <ray...@us.ibm.com> wrote: > You are probably correct on due to the different frameworks. If I do need > > to test Struts v1 where do I obtain the test instructions from? I could > > not find them when searching earlier. > > > > Regards, Rayne > > > > IBM Watson Financial Services > > 10925 David Taylor Drive > > Charlotte, NC 28262-1040, US > > MG82/202 > > (704) 501-0331 > > > > > > > > > > From: Lukasz Lenart <lukaszlen...@apache.org> > > To: Struts Users Mailing List <user@struts.apache.org> > > Date: 08/21/2020 05:57 AM > > Subject: [EXTERNAL] Re: CVE-2019-0233 is Struts v1 vulnerable? > > > > > > > > pt., 21 sie 2020 o 11:30 Rayne Anderson <ray...@us.ibm.com> napisał(a): > > > > > > I know that Apache Struts File upload CVE-2019-0233 applies to Struts > > v2. > > > Does the CVE apply to Struts v1.3.8? > > > > I would say no as these are totally different frameworks but we didn't > > test Struts 1.3.8 against this vulnerability as Struts 1 has reached > > End-of-Life a few years ago. > > > > > > Regards > > -- > > Łukasz > > + 48 606 323 122 > > http://www.lenart.org.pl/ > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > > > > > > -- em: davelnew...@gmail.com mo: 908-380-8699 tw: @dave_newton <https://twitter.com/dave_newton> li: dave-newton <https://www.linkedin.com/in/dave-newton/> gh: davelnewton <https://github.com/davelnewton> so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton> bl[0]: Bucky Bits <http://buckybits.blogspot.com/> bl[1]: Maker's End Blog <https://blog.makersend.com> sk: davelnewton_skype
