kingsyno 0 Posted January 21, 2019 Share Posted January 21, 2019 Hello all, After upgrading from ERA to ESMC last week, one of the server is now reporting a reoccurring threat almost every 1hour. please see details below ; Threat Type: Firewall : Security vulnerability exploitation Cause: CVE-2017-5638.Struts2 Process Name: C:\Program Files\Java\jdk1.5.0_09\bin\java.exe What could be the cause? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted January 21, 2019 Administrators Share Posted January 21, 2019 Check the source IP address. That machine is most likely infected. Link to comment Share on other sites More sharing options...
ESET Insiders aranud87 6 Posted January 21, 2019 ESET Insiders Share Posted January 21, 2019 Hi, Must update java... https://www.java.com/en/download/ Link to comment Share on other sites More sharing options...
itman 1,743 Posted January 21, 2019 Share Posted January 21, 2019 As far as CVE-2017-5638 goes, this vulnerability was disclosed in 3/2017. Reference here: https://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html . You need to upgrade Apache to the latest version. Link to comment Share on other sites More sharing options...
Recommended Posts