
Hi, I am quite new to Struts. We have a large project that was developed in Struts 1 with Spring and Hibernate, written in 2003. The developers who worked on the project are currently unavailable for reference. Versions:

  • Struts 1.2.8

  • Spring 1.2.5

  • Hibernate 3.1.2

Many clients are using this project with the Tomcat server. Now some clients are facing issues, as they are blocked by Semantic security due to this error:

"[SID: 29972] Attack: Apache Struts CVE-2017-5638 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES\APACHE SOFTWARE FOUNDATION\TOMCAT 9.0\BIN\TOMCAT9.EXE"

We have searched on Google and found that the issue may be caused by the Java vulnerability in Struts. Many blogs suggested upgrading Struts to Struts 2 to solve this issue.

Now we are planning to upgrade to Struts 2. We need to know about the major issues (configuration, dependencies, packages, etc.) that will be faced in the migration.

Thanks in advance.

Marvel John
  • Far, far too broad. It's a completely different framework. If your original application had concerns properly separated it's just a rework of the web layer. Back in those days, devs rarely properly separated concerns, which means you're (more or less) probably looking at a complete rewrite. Have you considered taking a less-onerous route, getting a patched S1 version? And I thought that CVE was for Struts 2? Have you confirmed it's a vulnerability in such an old version of S1? – Dave Newton Jan 19 '18 at 15:38

0 Answers