On 08/09/17 09:59, Billy Aung Myint wrote:
> Hi Everyone,
> May I know if Tomcat 7.x version is affected by the Apache Struts 2 
> vulnerability?

Which one? I'm guessing you mean CVE-2017-9805. It actually doesn't
matter in this case but security vulnerabilities are given identifiers
exactly so they can be referred to unambiguously. Struts has had quite a
few vulnerabilities so it is not obvious from your query which one you
are referring to.

> I mean does Tomcat uses any of the Struts' libraries or such in any part of 
> the Tomcat?

No currently supported version of Apache Tomcat has any dependency on
any version of Struts.

Applications that might have been deployed on Tomcat may still have
dependencies on Struts and you'd need to approach the providers of each
of those applications for more information.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to