Re: Apache Struts Vulnerability - CVE-2017-9791

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

2017-07-21 18:35 GMT+02:00 Chunduru, Krishnachaithanya <Krishnachaithanya.Chunduru@xxxxxxxxxxxxxx>:

Hi All,

 

Can someone please confirm if Apache 2.4.10 is vulnerable to the CVE-2017-9791.

We came to know that Apache which is having Apache Struts version 2.3.x with Struts 1 plugin and Struts 1 action is highly vulnerable . If exploited, this vulnerability would allow a remote code execution attack. 


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791 seems to be related to Apache Struts only (that is a JEE framework) with no connection with httpd, so probably it would be worth to follow up with the project's user email list in my opinion: https://struts.apache.org/mail.html

Luca 

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux