2017-07-23 14:20 GMT+02:00 Chunduru, Krishnachaithanya <krishnachaithanya.chund...@broadridge.com>:
> Can someone please confirm if Apache 2.4.10 is vulnerable to the > CVE-2017-9791. I assume you meant 2.5.10 as there is no such version as 2.4.10. And as stated in the description 2.5.x series isn't affected as it doesn't ship with the Struts 1 plugin, only Struts 2.3.x can be affected http://struts.apache.org/docs/s2-048.html > I tired checking in the MANIFEST.MF file, where is the implementation version > shows v.1.1. how to resolve this issue, can we upgrade the struts? Thank you. Looks like you are running the previous version of Struts, version 1.1 which isn't affected by the vulnerability (but there are other vulnerabilities which affect this version). Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org