httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Son <linuxmailinglistsem...@gmail.com>
Subject Re: [users@httpd] Struts vulnerability
Date Wed, 06 Sep 2017 23:54:43 GMT
On Wed, Sep 6, 2017 at 7:45 PM, Eric Covener <covener@gmail.com> wrote:

> On Wed, Sep 6, 2017 at 7:17 PM, Sean Son
> <linuxmailinglistsemail@gmail.com> wrote:
> > Hello all
> >
> > I am new to the mailing list as well as new to Apache Struts.  We all
> heard
> > in the news about the vulnerability affecting Apache Struts. I have been
> > tasked to determine which of our servers have Struts running on them.  I
> > have a few questions on how to determine if a server is running Struts or
> > not:
> >
> > 1) How does one determine if a Windows server, running IIS, has the
> Apache
> > Struts framework installed on it?
> >
> > 2) Does Apache Struts only run on Apache Webserver and Tomcat?
> >
> > 3) Is there a simple way to determine if a server has Struts installed,
> > instead of logging into each of the servers and checking the programs
> list?
> >
> >
> > I appreciate ALL help!
>
> Struts is a java library/framework that runs in Java-based application
> servers. You won't see it in a process list, it could just be a jar
> file in an application server directory or embedded in an enterprise
> application.
>
> Since it has no real relationship to httpd, it's not really topical on
> this list.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Thank you Eric.. I am just confused as to how to track down which servers
have this vulnerability

Mime
View raw message