Jump to content

Archived

This topic is now archived and is closed to further replies.

jonathanbrickman0000

CVE-2017-5638.Struts2 being reported on server without Apache2 or Java

Recommended Posts

A new Windows cloud-hosted server instance, with ESET File Security 7.0.12018.0 installed and updated, is being reported by ESET as having CVE-2017-5638.Struts2 "Detected".  The server has neither Java nor Apache software of any sort, it runs IIS as a web server with PHP Manager for IIS and Microsoft Windows Cache Extension for PHP, MySQL 5.7 as database.

This looks a whole lot like the following archived thread:

https://forum.eset.com/topic/18343-threat-log-question/

Share this post


Link to post
Share on other sites

Hello @jonathanbrickman0000

so I would advise to proceed as Marcos advised in the mentioned thread:

https://forum.eset.com/topic/18343-threat-log-question/?do=findComment&comment=90087

"Have you ruled out the possibility that the remote machine is infected? If so, please enable network protection advanced logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging and provide me with logs gathered by ESET Log Collector.

As for the action, "detected" actually means detected and blocked. If I remember correctly, there were plans to change the wording to make it clear to users."

Share this post


Link to post
Share on other sites

you can upload it to a safe location and send the download details to me and Marcos via a private message to check.

Peter

Share this post


Link to post
Share on other sites
On 4/19/2019 at 7:20 PM, jonathanbrickman0000 said:

OK.  I will be using OneDrive.  Can you send your email addresses to ...

For security reasons, edit this posting to remove your e-mail address.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...