
CVE-2017-5638.Struts2 being reported on server without Apache2 or Java



A new Windows cloud-hosted server instance, with ESET File Security 7.0.12018.0 installed and updated, is being reported by ESET as having CVE-2017-5638.Struts2 "Detected". The server has neither Java nor Apache software of any sort; it runs IIS as a web server with PHP Manager for IIS and Microsoft Windows Cache Extension for PHP, and MySQL 5.7 as the database.

This looks a whole lot like the following archived thread:

https://forum.eset.com/topic/18343-threat-log-question/


  • ESET Moderators

Hello @jonathanbrickman0000,

I would advise proceeding as Marcos advised in the mentioned thread:

https://forum.eset.com/topic/18343-threat-log-question/?do=findComment&comment=90087

"Have you ruled out the possibility that the remote machine is infected? If so, please enable network protection advanced logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging and provide me with logs gathered by ESET Log Collector.

As for the action, "detected" actually means detected and blocked. If I remember correctly, there were plans to change the wording to make it clear to users."


On 4/19/2019 at 7:20 PM, jonathanbrickman0000 said:

OK. I will be using OneDrive. Can you send your email addresses to ...

For security reasons, edit this posting to remove your e-mail address.

This topic is now closed to further replies.