You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by vi...@accenture.com on 2015/01/31 17:10:17 UTC

Vulnerability issues v1, v1.1, v1.2, v1.2.7, v1.2.9

Hi,

We have applications running on struts 1.0, 1.1, 1.2, 1.2.7 and 1.2.9

I assessing for the following vulnerabilities in struts 2.0

                https://cwiki.apache.org/confluence/display/WW/S2-020
                https://cwiki.apache.org/confluence/display/WW/S2-021

I would like to know, if any of these struts versions 1.0, 1.1, 1.2, 1.2.7 and 1.2.9, is affected by this security vulnerability.

Kindly advice, if it is safe to run these applications in their existing versions.

Thanks & Regds.,
Viswanathan S


________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com

Re: Vulnerability issues v1, v1.1, v1.2, v1.2.7, v1.2.9

Posted by Dave Newton <da...@gmail.com>.

Struts 1 and 2 are related by name only.
On Feb 1, 2015 12:04 PM, <vi...@accenture.com> wrote:

> Hi,
>
> We have applications running on struts 1.0, 1.1, 1.2, 1.2.7 and 1.2.9
>
> I assessing for the following vulnerabilities in struts 2.0
>
>                 https://cwiki.apache.org/confluence/display/WW/S2-020
>                 https://cwiki.apache.org/confluence/display/WW/S2-021
>
> I would like to know, if any of these struts versions 1.0, 1.1, 1.2, 1.2.7
> and 1.2.9, is affected by this security vulnerability.
>
> Kindly advice, if it is safe to run these applications in their existing
> versions.
>
> Thanks & Regds.,
> Viswanathan S
>
>
> ________________________________
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited. Where allowed
> by local law, electronic communications with Accenture and its affiliates,
> including e-mail and instant messaging (including content), may be scanned
> by our systems for the purposes of information security and assessment of
> internal compliance with Accenture policy.
>
> ______________________________________________________________________________________
>
> www.accenture.com
>