dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #50076
Re: Latest Struts exploit - CVE-2017-9805 | impact to DHIS2?
DHIS2 is not vulnerable to this CVE.
On 15 September 2017 at 03:52, Greg Wilson <gwilson@xxxxxxxxxxxxxx> wrote:
> I asked the core team last week and they said DHIS2 does not use the REST
> plugin that CVE-2017-9805 addresses. If this is not correct, I am sure one
> of them will correct me in a couple hours.
>
> Greg Wilson
>
>
> On Thu, Sep 14, 2017 at 9:23 PM, Stephen Macauley
> <Stephen.Macauley@xxxxxxxxxxxxxxxxxxx> wrote:
>>
>> DHIS2 Developers and Community:
>>
>>
>>
>> I wanted to check if DHIS2 (specifically Version: 2.25 that includes the
>> March 2017 patch for CVE-2017-5638) is vulnerable to the newly identified
>> Struts exploit - CVE-2017-9805?
>>
>>
>>
>> More information available via these links:
>> https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisation-vulnerability-what-you-need-to-know/
>> and https://struts.apache.org/docs/s2-052.html
>>
>>
>>
>> As always, thanks for your prompt response and support of DHIS2!
>>
>>
>>
>> -Stephen
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help : https://help.launchpad.net/ListHelp
>>
>
>
>
> --
> Greg Wilson
> BAO Systems
> gwilson@xxxxxxxxxxxxxx
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help : https://help.launchpad.net/ListHelp
>
Follow ups
References