Class loader vulnerability in Struts 1.x

 
Greenhorn
Posts: 10

We are using Struts 1.3.7 and came to know about the class loader vulnerability in Struts 1.x ( http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E ).

There is already a patch released for Struts 2.x versions.

Details:

http://www.symantec.com/connect/blogs/emerging-threat-apache-struts-zero-day-cve-2014-0050-0094-dos-and-remote-code-execution-vulner

http://struts.apache.org/announce.html#a20140424

Has anybody implemented the mitigation for Struts 1?


 
Rancher
Posts: 43011
That fix is for Struts 2 only. Struts 1 has reached its EOL - it no longer gets fixes.
 