SCANGITTMAN 0 Posted May 9, 2019 Share Posted May 9, 2019 Hi all. This is my first post on this forum. We are using ESET Management Center to manage our ESET software. We have an on-premise mail server running Exchange 2016 on Windows Server 2012 R2. On this server we have ESET File Security (ver 7.0.12018.0). The EMC dashboard is showing the following information regarding our Exchange server: Computer Name: SERVER-ABC.OURDOMAIN.LOCAL Threat name: (blank) Rule name: CVE-2017-5638.Struts2 Rule ID: (blank) Occurred: (several different dates/times here, spanning the last 2 months) Event: Security vulnerability exploitation Source address: 113.140.10.112 <-- this is a different IP for each of the several events showing on the dashboard Source port: 51436 Target address: (our internal server IP address) Target port: 443 Protocol: TCP Inbound: Yes Process name: System Account: (blank) Count: 1 This appears to be related to Apache, but I don't see Apache in the list of installed programs on the server. My questions are as follows: 1) is this "Security vulnerability exploitation" alert cause for concern? 2) I noticed however that Java is in the list of installed programs via Windows Control Panel. Does anyone here know if I can safely uninstall this? Based on what I've been reading, it doesn't appear to be a prerequisite to run Microsoft Exchange 2016. I don't want to cripple the server by removing it, if it's needed in some way. Thanks in advance! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 13, 2019 Administrators Share Posted May 13, 2019 1, The malicious communication was blocked so it's of no concern. You can block the remote IP address on a firewall to prevent future exploitation attempts. However, even if the communication was not blocked, it wouldn't pose any risk as long as you don't have a vulnerable version of Struts installed. 2, If you don't use Java intentionally, I'd rename its executables and observe if no issues occur in the next few days or weeks. If it turns out that some application requires Java, you can rename the files back. Otherwise you could uninstall it completely. Link to comment Share on other sites More sharing options...
SCANGITTMAN 0 Posted May 20, 2019 Author Share Posted May 20, 2019 Ok thank you for your help with this. You can go ahead and close this question/topic if you'd like. Link to comment Share on other sites More sharing options...
Recommended Posts