Struts security issue
Gustavo Sánchez, modified 6 years ago.
Struts security issue
New Member Posts: 2 Join Date: 02/10/12
Hi, does anybody know if this struts issue affects liferay in some way?
https://cwiki.apache.org/confluence/display/WW/S2-052
thanks
Olaf Kock, modified 6 years ago.
RE: Struts security issue
Liferay Legend Posts: 6403 Join Date: 23/09/08
Gustavo Sánchez:
Hi, does anybody know if this struts issue affects liferay in some way?
https://cwiki.apache.org/confluence/display/WW/S2-052
According to Liferay support: Not affected. Liferay is using an old version of Struts in an extremely limited fashion.
Custom plugins might be affected if they use one of the vulnerable versions of Struts2.
David H Nebinger, modified 6 years ago.
RE: Struts security issue
Liferay Legend Posts: 14916 Join Date: 02/09/06
Gustavo Sánchez:
Hi, does anybody know if this struts issue affects liferay in some way?
https://cwiki.apache.org/confluence/display/WW/S2-052
Liferay is not susceptible to any of these reported Struts issues.
Liferay internally uses Struts 1 for routing, but the previously reported Struts 1 vulnerabilities were in areas not used in Liferay's Struts implementation (i.e. the inclusion of raw form values in constructing ActionMessage responses) because Liferay is not using any of those Struts 1 features. It is only for internal dispatching, none of the other Struts 1 features are used by Liferay.
Liferay does not use Struts 2 at all. So no Struts 2 vulnerabilities, period.
Now all of that said, if you as a developer have created Struts 1 portlets or Struts 2 portlets, you could be vulnerable, but the vulnerabilities would have been introduced by your developers and are totally your responsibility to identify and resolve.
Come meet me at Devcon 2017 or 2017 LSNA!
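Added example, not part of the thread or of Liferay's code: both replies say custom plugins may bundle their own Struts 1 or Struts 2, so this sketch inventories the Struts jars inside a plugin WAR so their versions can be compared against the advisory linked above. It assumes Maven-style jar names under WEB-INF/lib; the function names and sample versions are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: Struts jars follow Maven-style names under WEB-INF/lib,
# e.g. struts2-core-<version>.jar, struts-core-<version>.jar, or a bare struts.jar.
STRUTS_JAR = re.compile(
    r"^WEB-INF/lib/(struts2?(?:-[a-z0-9]+)*?)(?:-(\d[\w.-]*))?\.jar$"
)


def struts_jars_in_war(war):
    """Return (artifact, version, generation) for each Struts jar in a WAR.

    `war` is a file path or a binary file object. `version` is None when the
    file name carries none. `generation` is 2 for struts2-* artifacts and 1
    for struts-* artifacts; it is inferred from the name only.
    """
    found = []
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = STRUTS_JAR.match(name)
            if m is None:
                continue
            artifact, version = m.groups()
            generation = 2 if artifact.startswith("struts2") else 1
            found.append((artifact, version, generation))
    return sorted(found, key=lambda t: (t[0], t[1] or ""))


def build_sample_war(lib_names):
    """Constructed sample input: an in-memory WAR holding empty placeholder jars."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        for lib in lib_names:
            zf.writestr("WEB-INF/lib/" + lib, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Versions below are placeholders, not taken from any advisory.
    sample = build_sample_war([
        "struts2-core-9.9.9.jar", "struts2-rest-plugin-9.9.9.jar",
        "struts.jar", "commons-lang-9.9.9.jar",
    ])
    for artifact, version, generation in struts_jars_in_war(sample):
        print(f"Struts {generation}: {artifact} version={version or 'unknown'}")
```

A jar with no version in its name is reported with version None and needs its manifest checked by hand.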