Hi all.
This is my first post on this forum.
We are using ESET Management Center to manage our ESET software.
We have an on-premise mail server running Exchange 2016 on Windows Server 2012 R2.
On this server we have ESET File Security (ver 7.0.12018.0).
The EMC dashboard is showing the following information regarding our Exchange server:
Computer Name: SERVER-ABC.OURDOMAIN.LOCAL
Threat name: (blank)
Rule name: CVE-2017-5638.Struts2
Rule ID: (blank)
Occurred: (several different dates/times here, spanning the last 2 months)
Event: Security vulnerability exploitation
Source address: 113.140.10.112 <-- this is a different IP for each of the several events showing on the dashboard
Source port: 51436
Target address: (our internal server IP address)
Target port: 443
Protocol: TCP
Inbound: Yes
Process name: System
Account: (blank)
Count: 1
This appears to be related to Apache, but I don't see Apache in the list of installed programs on the server.
My questions are as follows:
1) is this "Security vulnerability exploitation" alert cause for concern?
2) I noticed however that Java is in the list of installed programs via Windows Control Panel. Does anyone here know if I can safely uninstall this? Based on what I've been reading, it doesn't appear to be a prerequisite to run Microsoft Exchange 2016. I don't want to cripple the server by removing it, if it's needed in some way.
Thanks in advance!