dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #50078
Re: Latest Struts exploit - CVE-2017-9805 | impact to DHIS2?
Bob and Greg, many thanks for your prompt responses.
-Stephen
-----Original Message-----
From: Bob Jolliffe [mailto:bobjolliffe@xxxxxxxxx]
Sent: Friday, September 15, 2017 4:39 AM
To: Greg Wilson <gwilson@xxxxxxxxxxxxxx>
Cc: Stephen Macauley <Stephen.Macauley@xxxxxxxxxxxxxxxxxxx>; dhis2-devs@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Dhis2-devs] Latest Struts exploit - CVE-2017-9805 | impact to DHIS2?
DHIS2 is not vulnerable to this CVE.
On 15 September 2017 at 03:52, Greg Wilson <gwilson@xxxxxxxxxxxxxx> wrote:
> I asked the core team last week and they said DHIS2 does not use the
> REST plugin that CVE-2017-9805 addresses. If this is not correct, I am
> sure one of them will correct me in a couple hours.
>
> Greg Wilson
>
>
> On Thu, Sep 14, 2017 at 9:23 PM, Stephen Macauley
> <Stephen.Macauley@xxxxxxxxxxxxxxxxxxx> wrote:
>>
>> DHIS2 Developers and Community:
>>
>>
>>
>> I wanted to check if DHIS2 (specifically Version: 2.25 that includes
>> the March 2017 patch for CVE-2017-5638) is vulnerable to the newly
>> identified Struts exploit - CVE-2017-9805?
>>
>>
>>
>> More information available via these links:
>> https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisati
>> on-vulnerability-what-you-need-to-know/
>> and https://struts.apache.org/docs/s2-052.html
>>
>>
>>
>> As always, thanks for your prompt response and support of DHIS2!
>>
>>
>>
>> -Stephen
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help : https://help.launchpad.net/ListHelp
>>
>
>
>
> --
> Greg Wilson
> BAO Systems
> gwilson@xxxxxxxxxxxxxx
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help : https://help.launchpad.net/ListHelp
>
References