← Back to team overview

dhis2-devs team mailing list archive

Re: Latest Struts exploit - CVE-2017-9805 | impact to DHIS2?

 

Bob and Greg, many thanks for your prompt responses.

-Stephen

-----Original Message-----
From: Bob Jolliffe [mailto:bobjolliffe@xxxxxxxxx] 
Sent: Friday, September 15, 2017 4:39 AM
To: Greg Wilson <gwilson@xxxxxxxxxxxxxx>
Cc: Stephen Macauley <Stephen.Macauley@xxxxxxxxxxxxxxxxxxx>; dhis2-devs@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Dhis2-devs] Latest Struts exploit - CVE-2017-9805 | impact to DHIS2?

DHIS2 is not vulnerable to this CVE.

On 15 September 2017 at 03:52, Greg Wilson <gwilson@xxxxxxxxxxxxxx> wrote:
> I asked the core team last week and they said DHIS2 does not use the 
> REST plugin that CVE-2017-9805 addresses. If this is not correct, I am 
> sure one of them will correct me in a couple hours.
>
> Greg Wilson
>
>
> On Thu, Sep 14, 2017 at 9:23 PM, Stephen Macauley 
> <Stephen.Macauley@xxxxxxxxxxxxxxxxxxx> wrote:
>>
>> DHIS2 Developers and Community:
>>
>>
>>
>> I wanted to check if DHIS2 (specifically Version: 2.25 that includes 
>> the March 2017 patch for CVE-2017-5638) is vulnerable to the newly 
>> identified Struts exploit - CVE-2017-9805?
>>
>>
>>
>> More information available via these links:
>> https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisati
>> on-vulnerability-what-you-need-to-know/
>> and https://struts.apache.org/docs/s2-052.html
>>
>>
>>
>> As always, thanks for your prompt response and support of DHIS2!
>>
>>
>>
>> -Stephen
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
>
> --
> Greg Wilson
> BAO Systems
> gwilson@xxxxxxxxxxxxxx
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>

References