Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Regarding CVE-2014-0114 in Struts-1.2.9.jar SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Regarding CVE-2014-0114 in Struts-1.2.9.jar
Hi,

We have used struts-1.2.9.jar in our project. I found CVE-2014-0114 vulnerability in this jar.
While looking for the possible solutions for these I found that Struts 1.x has had its End-Of-Life announcement one year ago and upgrades are available for it on Linux systems. But my application runs on windows.


Can you please suggest me possible fix/alternates to get rid of this vulnerability.


Thanks in advance!
Anonymous

Sign Up for Free or Log In to start participating in the conversation!