struts1

Apache Struts 1 CVE issues fix

Fix the issues described in https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164424/Apache-Struts-1.3.5.html

CVE-2015-0899
Solution is in this commit https://github.com/lawrencexu/struts1/commit/646632ea5f7081a73a4b17cfa489b4fc2c8cddd8.

CVE-2014-0114
Solution:
Upgrade commons-beanutils lib to latest 1.9.4.
More details in http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt.

CVE-2016-1181
CVE-2016-1182
Solution:
Do nothing. As these two depends on CVE-2014-0114 which is fixed already.
And according to comments in link1 and link2, we should not include the mentioned commit as a general solution.

Name		Name	Last commit message	Last commit date
Latest commit History 4,973 Commits
apps		apps
assembly		assembly
core		core
el		el
extras		extras
faces		faces
integration		integration
mailreader-dao		mailreader-dao
scripting		scripting
src/site		src/site
taglib		taglib
tiles		tiles
.cvsignore		.cvsignore
.gitignore		.gitignore
.travis.yml		.travis.yml
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!

Repository files navigation

struts1

About

Uh oh!

Releases

Packages

Languages

Uh oh!

Uh oh!

lawrencexu/struts1

Folders and files

Latest commit

History

Repository files navigation

struts1

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages