On 06/02/2012 09:53 AM, Thijs Kinkhorst wrote:
> Hi,
>
> I'm sorry, but we've got yet another set of struts vulnerabilities:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2087
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2088
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0838
>
> It would be really helpful if you could check how these affect Debian as well.

I reviewed these CVEs and they are associated with Struts 2.x. Debian currently only contains Struts 1.2, and so I don't believe these are applicable. (However, I have not attempted to replicate the vulnerabilities against sites based on the Debian libstruts1.2-java package.)

tony