Uploaded image for project: 'Velocity Tools'
  1. Velocity Tools
  2. VELTOOLS-163

Apache Struts Vulnerabilities - Velocity Tool (2.0)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • None
    • None
    • VelocityStruts
    • None

    Description

      Velocity Tools version 2.0 uses struts 1.3.8 which has associated vulnerabilities:

      Struts 1
      • CVE-2014-0114 – http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114

      Strut 2
      • CVE-2014-0113 – http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
      • CVE-2014-0112 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
      • CVE-2014-0094 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094

      The desired remediation goal for all affected applications is to update the respective Apache Struts component to version 2.3.16.3.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. VELTOOLS-171 Remove Struts dependency

          • Major - Major loss of function.
          • Closed

          Activity

            People

              cbrisson Claude Brisson
              psingh409 Pankaj Singh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: