You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Dave Newton <da...@gmail.com> on 2016/05/02 20:18:31 UTC

Re: Security Vulnerability for Struts 1.3.10 in Struts 2.x

It's only "present" if you're using the Struts 1 plugin.

Are you?


On Thu, Apr 28, 2016 at 6:34 PM, Anu Krishna Rajamohan <ar...@ncsu.edu>
wrote:

> Hi,
>
> As Apache Struts 1.x is pretty old and it suffers from many security
> vulnerabilities, I decided to use a recent version of Apache Struts 2.x
> (Struts 2.3.24.1). However, I find that struts-core-1.3.10 jar is present
> in struts 2.x. Can you please let me know if the presence of this jar makes
> Struts 2.x vulnerable to security issues such as CVE-2012-1007
> <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007>.
>
> Thanks and Best Regards,
> Anu
>



-- 
e: davelnewton@gmail.com
m: 908-380-8699
s: davelnewton_skype
t: @dave_newton <https://twitter.com/dave_newton>
b: Bucky Bits <http://buckybits.blogspot.com/>
g: davelnewton <https://github.com/davelnewton>
so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>