OSDN -- Développer et télécharger des logiciels Open Source
Traduction statut du Français translation status for fr
edit | Title Index |  Recent Changes  | 

Apache Struts 1.2.9 with SP3 by TERASOLUNA

Introduction

Fixed the unexpected event occur in Apache Struts1 (CVE-2016-1181)(CVE-2016-1182) and provided Apache Struts 1.2.9 with Security Patch 3 contributed by TERASOLUNA (hereinafter referred to as, Struts 1.2.9 sp3) under the Apache License, Version 2.0 for TERASOLUNA Server Framework for Java that uses Apache Struts 1.2.9 sp2 in TERASOLUNA framework version 2 system.

TERASOLUNA Server Framework for Java uses Apache Struts 1.2.9 sp2 in TERASOLUNA framework version 2 system. Unexpected events may occur during a processing of the request information in Apache Struts 1.2.9 sp2. As a measure for this issue, apply the Struts 1.2.9 sp3.

Furthermore, the improvement of the TERASOLUNA Server Framework for Java 2 will be released during May 2016.

Struts 1.2.9 sp3

In Struts 1.2.9 sp3, the following changes have been done on Struts 1.2.9 sp2.

Build procedure from source-code

Below is the procedure to build the source code of struts-1.2.9-sp3 and create struts.jar file.

  1. 1.Install JDK1.3.1_04
  2. Install apache-ant-1.6.1 and addition of libraries
    Deploy apache-ant-1.6.1 and add the following libraries under lib folder of ant.
    • commons-logging-1.0.4.jar
    • junit-3.8.1.jar
    • xalan-2.5.1.jar
  3. Deploy source code of struts-1.2.9-sp3
    Unzip the zip file of source code in the directory of choice. Create lib folder in the struts-1.2.9-sp3-src folder.
  4. Deploy the jar files required for build
    Place the below jar files in the directory of choice.
    • antlr-2.7.2.jar
    • checkstyle-2.4.jar
    • commons-beanutils-1.7.0.jar
    • commons-digester-1.6.jar
    • commons-fileupload-1.0.jar
    • commons-logging-1.0.4.jar
    • commons-validator-1.1.4.jar
    • junit-3.8.1.jar
    • log4j-1.2.14.jar
    • servletapi-2.3.jar
    • xerces-1.4.4.jar
    • oro-2.0.7.jar
    • jakarta-taglibs-standard-1.0
      • jstl.jar
      • standard.jar
    • jakarta-tomcat-4.0.6
      • jdbc2_0-stdext.jar
  5. Create configuration file for build
    Rename build.properties.sample to build.properties and change the paths in the file according to your own environment.
  6. Environment settings for build
    Set the below environment variables according to your own environment.
    • JAVA_HOME
    • ANT_HOME
  7. Build using ant

Download

Reference

CVE - CVE-2016-1181
JVN - JVN#03188560

CVE - CVE-2016-1182
JVN - JVN#65044642

Disclaimer

Unless required by applicable law or agreed to in writing, Struts 1.2.9 sp3 distributed under the Apache License, Version 2.0 is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Apache License, Version 2.0 for the specific language governing permissions and limitations under the License.

※ TERASOLUNA is a registered trademark or trademark of NTT DATA Corporation in Japan and other countries. ※ Other company names, product names and service names mentioned are trademarks or registered trademarks of the respective companies(owners).

edit history delete
config

[PageInfo]  LastUpdate: 2016-06-07 14:43:10, ModifiedBy: terasoluna
[Permissions]  view:all, edit:members, delete/config:members
[IRI]  https://fr.osdn.net/projects/terasoluna/wiki/StrutsPatch3-EN