2017-09-05 17:06 GMT+02:00 Emi :
> Hello,
>>
>> 2017-09-05 15:17 GMT+02:00 Lukasz Lenart :
>>>
>>> - S2-052 Possible Remote Code Execution attack when using the Struts REST
>>> plugin with XStream handler to handle XML payloads
>>> http://struts.apache.org/docs/s2-050.html
>>
>> It's supposed
2017-09-06 6:22 GMT+02:00 William Stranathan :
> Struts 2.3 is also vulnerable to the s2-052 RCE. However, there's no 2.3
> patch available yet. I've tried with the latest snapshots, and those are
> also vulnerable.
>
> Is there a fix for this vulnerability on the 2.3 stream forthcoming?
I have ca
Struts 2.3 is also vulnerable to the s2-052 RCE. However, there's no 2.3
patch available yet. I've tried with the latest snapshots, and those are
also vulnerable.
Is there a fix for this vulnerability on the 2.3 stream forthcoming?
Hello,
2017-09-05 15:17 GMT+02:00 Lukasz Lenart :
- S2-052 Possible Remote Code Execution attack when using the Struts REST
plugin with XStream handler to handle XML payloads
http://struts.apache.org/docs/s2-050.html
It's supposed to be http://struts.apache.org/docs/s2-052.html
Just wan
But it's impossible! Your my_tomcat.log must have at least one load
occurrence for MethodUtils class. Maybe the app has been failed to start
at all, elsewhere I think you get NoClassDefFoundError (not
NoSuchMethodError).
On 9/5/2017 3:51 PM, albert kao wrote:
> I tried
> export
> CLASSPATH=$JAV
2017-09-05 15:17 GMT+02:00 Lukasz Lenart :
> - S2-052 Possible Remote Code Execution attack when using the Struts REST
> plugin with XStream handler to handle XML payloads
> http://struts.apache.org/docs/s2-050.html
It's supposed to be http://struts.apache.org/docs/s2-052.html
Regards
--
Ł
The Apache Struts group is pleased to announce that Struts 2.5.13 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
I tried
export
CLASSPATH=$JAVA_HOME/lib:$HOME/Struts2/struts-2.5.12/lib:$CATALINA_HOME/lib:$CLASSPATH:.
but the helloworld link in index.jsp still did not see the
/home/alkao/Struts2/struts-2.5.12/lib/commons-lang3-3.6.jar.
my_tomcat.log did not have this line any more
[Loaded org.apache.commons
8 matches
Mail list logo