Hi, 2017-07-21 18:35 GMT+02:00 Chunduru, Krishnachaithanya < krishnachaithanya.chund...@broadridge.com>:
> Hi All, > > > Can someone please confirm if Apache 2.4.10 is vulnerable to the > CVE-2017-9791. > We came to know that Apache which is having Apache Struts version 2.3.x > with Struts 1 plugin and Struts 1 action is highly vulnerable . If > exploited, this vulnerability would allow a remote code execution attack. > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791 seems to be related to Apache Struts only (that is a JEE framework) with no connection with httpd, so probably it would be worth to follow up with the project's user email list in my opinion: https://struts.apache.org/mail.html Luca