Bob and Greg, many thanks for your prompt responses. -Stephen
-----Original Message----- From: Bob Jolliffe [mailto:bobjolli...@gmail.com] Sent: Friday, September 15, 2017 4:39 AM To: Greg Wilson <gwil...@baosystems.com> Cc: Stephen Macauley <stephen.macau...@inductivehealth.com>; dhis2-devs@lists.launchpad.net Subject: Re: [Dhis2-devs] Latest Struts exploit - CVE-2017-9805 | impact to DHIS2? DHIS2 is not vulnerable to this CVE. On 15 September 2017 at 03:52, Greg Wilson <gwil...@baosystems.com> wrote: > I asked the core team last week and they said DHIS2 does not use the > REST plugin that CVE-2017-9805 addresses. If this is not correct, I am > sure one of them will correct me in a couple hours. > > Greg Wilson > > > On Thu, Sep 14, 2017 at 9:23 PM, Stephen Macauley > <stephen.macau...@inductivehealth.com> wrote: >> >> DHIS2 Developers and Community: >> >> >> >> I wanted to check if DHIS2 (specifically Version: 2.25 that includes >> the March 2017 patch for CVE-2017-5638) is vulnerable to the newly >> identified Struts exploit - CVE-2017-9805? >> >> >> >> More information available via these links: >> https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisati >> on-vulnerability-what-you-need-to-know/ >> and https://struts.apache.org/docs/s2-052.html >> >> >> >> As always, thanks for your prompt response and support of DHIS2! >> >> >> >> -Stephen >> >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~dhis2-devs >> Post to : dhis2-devs@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~dhis2-devs >> More help : https://help.launchpad.net/ListHelp >> > > > > -- > Greg Wilson > BAO Systems > gwil...@baosystems.com > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp > _______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp