
grouper-users - [grouper-users] Re: Struts exploit?

Subject: Grouper Users - Open Discussion List

  • From: "Bryan E. Wooten" <>
  • To: Chris Hyzer <>, "Bryan E. Wooten" <>, "" <>
  • Subject: [grouper-users] Re: Struts exploit?
  • Date: Mon, 28 Apr 2014 21:43:08 +0000
  • Accept-language: en-US

Thanks Chris.

-Bryan

From: Chris Hyzer <>
Date: Monday, April 28, 2014 12:23 PM
To: Bryan Wooten <>, "" <>
Subject: RE: Struts exploit?

We don’t use Struts 2. In Grouper 2.3 hopefully we won’t use Struts anymore at all…

 

From: [] On Behalf Of Bryan E. Wooten
Sent: Monday, April 28, 2014 2:21 PM
To:
Subject: [grouper-users] Struts exploit?

 

So we get an email from our CISO about this: http://struts.apache.org/announce.html#a20140424

 

“24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigation

In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient.

A security fix release fully addressing this issue is in preparation and will be released as soon as possible.

Once the release is available, all Struts 2 users are strongly recommended to update their installations.”

I see that Grouper UI uses Struts. Is this an issue I need to worry about?

 

-Bryan

 



