This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Apache Struts Vulnarabilities

0

Apache Struts is a popular web application framework. There have been several Critical vulnerabilities (3 this year) being found across wide range of Struts versions. A new Apache Struts vulnerability was discovered and announced this week. All versions of struts 2.1-2.3 and 2.5-2.5.12 are vulnerable. The official Apache info is located here: https://struts.apache.org/docs/s2-052.html
As of right now, the only remediation is to upgrade to the latest version that was released on 9/20 - 2.3.34 or 2.5.13.

Could you pls confirm to me asap that Wireshark and all application(s) used by Wireshark are using Struts or not. If any of them are using Struts could you pls supply the version?

Thanks

asked 21 Sep '17, 05:04

profke's gravatar image

profke
10779
accept rate: 0%

One Answer:

1

Wireshark doesn't use Struts, it's entirely self-supporting.

As to other applications that "use" Wireshark, (considering it's not a framework or server for others to build on), who knows.

answered 21 Sep '17, 05:10

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thank you!

(21 Sep '17, 06:09) profke