struts-dev mailing list archives

From Martin Gainty <mgai...@hotmail.com>
Subject Re: S2 makes Hacker News :/
Date Thu, 16 Mar 2017 12:45:26 GMT




________________________________
From: Greg Huber <gregh3269@gmail.com>
Sent: Thursday, March 16, 2017 5:19 AM
To: Struts Developers List
Subject: Re: S2 makes Hacker News :/

Just because you are using s2 does not necessarily mean you are affected;
all I get is a response:

HTTP/1.1 404
Content-Length: 0
Date: Thu, 16 Mar 2017 09:02:54 GMT
Connection: close

Looking at my logs this fishing is going on all the time.

MG>from what I read, injections only happen with Content-Type injection

MG>then again, the patches, Struts 2.3.32 or 2.5.10.1, have been available for some time

MG>Johannes suggests implementing 'snort' to detect the injection vulnerability; reference link
at sans.edu below:
https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/

MG>Thanks Lukasz!

Thanks also Lukasz for the quick fix.

Cheers Greg




On 14 March 2017 at 18:17, Lukasz Lenart <lukaszlenart@apache.org> wrote:

> 2017-03-14 15:57 GMT+01:00 Doug Erickson <erickson@part.net>:
> > What is the proper server setup to prevent this?
>
> Upgrade to the latest Struts version ... and run server on a dedicated
> account, block access to the world (server should be only allowed to
> connect to localhost) and a few other things
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/



>
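
Added example (not part of any message in this thread): a log-side check for the Content-Type probing discussed above, complementing the network-level snort detection mentioned in the reply. It assumes the access log records the request Content-Type as a final quoted field; the log layout, sample lines and function names are constructed for illustration.

```python
import re

# Assumed log layout (constructed for this example): combined-style access
# log with the request Content-Type header appended as a final quoted field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ "(?P<ctype>.*)"$'
)
# A well-formed media type: type/subtype plus optional ;name=value parameters.
MEDIA_TYPE_RE = re.compile(
    r'^[\w!#$&^.+-]+/[\w!#$&^.+-]+(\s*;\s*[\w-]+=("[^"]*"|[^;"\s]+))*$'
)
# Expression delimiters that have no place in a Content-Type value.
EXPR_MARKERS = ("%{", "${")


def classify(ctype):
    """Return 'expression', 'malformed' or 'ok' for one Content-Type value."""
    if any(marker in ctype for marker in EXPR_MARKERS):
        return "expression"
    if ctype not in ("", "-") and not MEDIA_TYPE_RE.match(ctype):
        return "malformed"
    return "ok"


def scan(lines):
    """Return (ip, status, verdict) for every line whose Content-Type is not 'ok'."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed layout
        verdict = classify(m["ctype"])
        if verdict != "ok":
            hits.append((m["ip"], int(m["status"]), verdict))
    return hits


# Constructed sample lines (documentation-range addresses, placeholder marker).
SAMPLE = [
    '192.0.2.10 - - [16/Mar/2017:09:02:54 +0000] "GET /index.action HTTP/1.1" 404 0 "%{constructed-marker}.multipart/form-data"',
    '198.51.100.7 - - [16/Mar/2017:09:03:10 +0000] "POST /upload.action HTTP/1.1" 200 512 "multipart/form-data; boundary=----abc123"',
    '192.0.2.44 - - [16/Mar/2017:09:04:01 +0000] "POST /login.action HTTP/1.1" 200 87 "application/x-www-form-urlencoded"',
    '203.0.113.5 - - [16/Mar/2017:09:05:30 +0000] "GET /home.action HTTP/1.1" 200 1024 "text/html garbage here"',
]

if __name__ == "__main__":
    for ip, status, verdict in scan(SAMPLE):
        print(f"{verdict:<10} status={status} src={ip}")
```

The status code is kept in each hit so that probes answered with 404, like the response quoted in the thread, can be separated from flagged requests that reached a mapped resource.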
