dhis2-devs team mailing list archive

Re: Latest Struts exploit - CVE-2017-9805 | impact to DHIS2?

 

I asked the core team last week and they said DHIS2 does not use the REST
plugin that CVE-2017-9805 addresses. If this is not correct, I am sure one
of them will correct me in a couple hours.

Greg Wilson


On Thu, Sep 14, 2017 at 9:23 PM, Stephen Macauley <
Stephen.Macauley@xxxxxxxxxxxxxxxxxxx> wrote:

> DHIS2 Developers and Community:
>
>
>
> I wanted to check if DHIS2 (specifically Version: 2.25 that includes the
> March 2017 patch for CVE-2017-5638) is vulnerable to the newly identified
> Struts exploit - CVE-2017-9805?
>
>
>
> More information available via these links:
> https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisation-vulnerability-what-you-need-to-know/
> and https://struts.apache.org/docs/s2-052.html
>
>
>
> As always, thanks for your prompt response and support of DHIS2!
>
>
>
> -Stephen


-- 
Greg Wilson
BAO Systems
gwilson@xxxxxxxxxxxxxx
