Hi Team, Greetings for the day !
One of the applications(very old) which we host uses struts 1.1 and to just add to guarantee we are not exposing any action path with url pattern /* , Going by the details posted below forums the vulnerability is specific to struts 2 vulnerabilities. https://cwiki.apache.org/confluence/display/WW/S2-057 https://semmle.com/news/apache-struts-CVE-2018-11776 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776 https://lgtm.com/blog/apache_struts_CVE-2018-11776 We do understand that struts 1.x is no longer supported by the community and needs to be upgraded. Having said is our assertion on the affects of vulnerability correct ? Thanks, Rahul Anand Akkina