You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2017/10/04 11:48:00 UTC

[jira] [Resolved] (WW-4867) Apache Struts framework 1.1 and 2.x vulnerability clarification

     [ https://issues.apache.org/jira/browse/WW-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart resolved WW-4867.
-------------------------------
    Resolution: Not A Problem

> Apache Struts framework 1.1 and 2.x vulnerability clarification
> ---------------------------------------------------------------
>
>                 Key: WW-4867
>                 URL: https://issues.apache.org/jira/browse/WW-4867
>             Project: Struts 2
>          Issue Type: Temp
>         Environment: apache Struts framework 1.1
>            Reporter: Parthiban Palanisamy
>            Priority: Trivial
>              Labels: clarification, documentation, migration, security
>
> Hello, 
> I'm the active user of apache Struts framework 1.1 and 2.x. Recently we learned that there is a vulnerability in Apache Struts' Jakarta Multipart parser as high risk. This may lead to warning of remote code execution (RCE) attacks that were evident at Equifax which lead to complete system compromises. So I would like to take your inputs and understand the recent vulnerability over RCE is also affected 1.1/1.x versions precisely. 
> If yes, could you please support with your thoughts over next course of action to resolve the issue? 
> Thanks and appreciate your support at the earliest. 
> Regards,
> Parthiban



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)