Hello,
I know that Struts1 and 2 are completely different code bases, but I was
wondering if the technique used by the exploit described in the CVE and
https://struts.apache.org/docs/s2-026.html could possibly apply to a
Struts 1 deployment? There is no references to a ValueStack in the Struts
zero in common.
Dave
On Thu, Sep 3, 2015 at 4:41 PM, David Gawron wrote:
> The security bulletin for CVE-2015-5169 (
> https://struts.apache.org/docs/s2-025.html) only mentions Struts 2.
Anyone
> know if the vulnerability also exists in Struts 1 in some form? I
realize
> Struts
The security bulletin for CVE-2015-5169 (
https://struts.apache.org/docs/s2-025.html) only mentions Struts 2. Anyone
know if the vulnerability also exists in Struts 1 in some form? I realize
Struts 1.x are no longer supported and that is why the bulletin doesn't
cover those releases. I grabbed
3 matches
Mail list logo
