CVE-2017-5638.Struts2

[kingsyno 0]

Hello all,

 

After upgrading from ERA to ESMC last week, one of the server is now reporting a reoccurring threat almost every 1hour. please see details below ;

Threat Type: Firewall : Security vulnerability exploitation

Cause: CVE-2017-5638.Struts2

Process Name: C:\Program Files\Java\jdk1.5.0_09\bin\java.exe

What could be the cause?

 

[Marcos 5,074]

Check the source IP address. That machine is most likely infected.

[aranud87 6]

Hi,

Must update java...
https://www.java.com/en/download/

 

[itman 1,659]

As far as CVE-2017-5638 goes, this vulnerability was disclosed in 3/2017. Reference here: https://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html . You need to upgrade Apache to the latest version.