Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 5 Sep 2017 15:22:23 +0200
From: Lukasz Lenart <lukaszlenart@...che.org>
To: Struts Users Mailing List <user@...uts.apache.org>
Cc: "announcements@...uts.apache.org" <announcements@...uts.apache.org>, 
	Struts Developers List <dev@...uts.apache.org>, announce@...che.org, 
	"security@...uts.apache.org" <security@...uts.apache.org>, oss-security@...ts.openwall.com, 
	bugtraq@...urityfocus.com, Jonathan Bullock <jonbullock@...il.com>, 
	Man Yue Mo <mmo@...mle.com>, Bas van Schaik <bas@...mle.com>, Adam Cazzolla <acazzolla@...atype.com>, 
	chenhuijun <874892484@...com>
Subject: Re: [ANN] Apache Struts 2.5.13 GA with Security Fixes Release

2017-09-05 15:17 GMT+02:00 Lukasz Lenart <lukaszlenart@...che.org>:
> - S2-052 Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads
>     http://struts.apache.org/docs/s2-050.html

It's supposed to be http://struts.apache.org/docs/s2-052.html


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ