Liam Shovelin

since Feb 18, 2019
Recent posts by Liam Shovelin

Tim,

Thanks for the reply. I am doing some research on the struts_1 framework and more specifically CVE-2016-1182. I totally get what you are saying, but I am trying to form a paper-trail to the vulnerability (CVE-2016-1182) for my Masters research.

I just need a link to a document where Apache recognizes the issue. I believe it was never fixed, so just the acknowledgement, something more concrete than this >> https://www.securityfocus.com/bid/91067

If you are familiar and can help me, I would greatly appreciate it.

-Liam
4 months ago
Folks,

I hope someone here can help me find an answer. Basically I am researching struts_1 (not two) and want to find something from the Struts team that acknowledges or recognizes the vulnerability CVE-2016-1182. I have completed some research and found such things as

https://www.securityfocus.com/bid/91067

https://issues.apache.org/jira/browse/STR-539?jql=project%20%3D%20STR%20AND%20text%20~%20%22security%22

https://www.fortinet.com/blog/threat-research/the-analysis-of-apache-struts-1-actionservlet-validator-bypass-cve-2016-1182.html

https://www.cvedetails.com/cve/CVE-2016-1182/er


But I need something where Struts themselves accept this as a vulnerability. I was on their site and it details security bulletins on Struts 2 (I know Struts 1 is End of support) -

https://cwiki.apache.org/confluence/display/WW/Security+Bulletins

This is quite important and I would really appreciate it if anyone can help me find something along these lines.

Thanks, any help is greatly appreciated.
-Liam
4 months ago