
CVE-2017-5638.Struts2 being reported on server without Apache2 or Java


A new Windows cloud-hosted server instance, with ESET File Security 7.0.12018.0 installed and updated, is being reported by ESET as having CVE-2017-5638.Struts2 "Detected". The server has neither Java nor Apache software of any sort; it runs IIS as a web server with PHP Manager for IIS and Microsoft Windows Cache Extension for PHP, and MySQL 5.7 as the database.

This looks a whole lot like the following archived thread:



Hello @jonathanbrickman0000,

I would advise proceeding as Marcos advised in the mentioned thread:


"Have you ruled out the possibility that the remote machine is infected? If so, please enable network protection advanced logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging and provide me with logs gathered by ESET Log Collector.

As for the action, "detected" actually means detected and blocked. If I remember correctly, there were plans to change the wording to make it clear to users."


You can upload it to a safe location and send the download details to me and Marcos via a private message to check.

