From: Martin Gainty
To: Struts Developers List <dev@struts.apache.org>
Subject: Re: S2 makes Hacker News :/
Date: Thu, 16 Mar 2017 12:45:26 +0000
In-Reply-To: <36B9A2AC-9C13-4317-840A-605760414DE7@part.net>
References: <96f74fdb-38ce-3e0e-0b51-b268cebe5b10@apache.org> <36B9A2AC-9C13-4317-840A-605760414DE7@part.net>

________________________________
From: Greg Huber
Sent: Thursday, March 16, 2017 5:19 AM
To: Struts Developers List
Subject: Re: S2 makes Hacker News :/

Just because you are using S2 does not necessarily mean you are affected; all I get is a response:

HTTP/1.1 404
Content-Length: 0
Date: Thu, 16 Mar 2017 09:02:54 GMT
Connection: close

Looking at my logs, this fishing is going on all the time.

MG> From what I read, injections only happen with Content-Type injection.
MG> Then again, the patches (Struts 2.3.32 or 2.5.10.1) have been available for some time.
MG> Johannes suggests implementing 'snort' to detect the injection vulnerability; reference link at sans.edu below:
https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/
MG> Thanks Lukasz!

Thanks also Lukasz for the quick fix.

Cheers Greg

On 14 March 2017 at 18:17, Lukasz Lenart wrote:
> 2017-03-14 15:57 GMT+01:00 Doug Erickson:
> > What is the proper server setup to prevent this?
>
> Upgrade to the latest Struts version ... and run the server on a dedicated
> account, block access to the world (server should only be allowed to
> connect to localhost) and a few other things.
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
> Łukasz Lenart - home page www.lenart.org.pl: passion, always something new. Programming and creating are my life's passion; so far I have managed to combine what I like with what I am paid for and ...
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
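The thread makes two points a defender can act on: the probes arrive in the Content-Type header, and a 404 in your logs only proves that one URL did not reach a Struts action, not that nobody is scanning you. The following log scanner is an added example, not code from the thread or from the Struts project; it assumes a constructed access-log layout (Apache combined format with the request Content-Type appended via the real `%{Content-Type}i` LogFormat token) and flags requests whose Content-Type carries OGNL expression delimiters instead of a media type, regardless of the response status.

```python
import re
from typing import Dict, List, Optional

# Constructed log format: Apache combined style plus the request Content-Type
# header, which Apache can append with the LogFormat token "%{Content-Type}i".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ctype>(?:[^"\\]|\\.)*)"$'
)
# OGNL expression delimiters; a real media type such as
# "multipart/form-data; boundary=..." never contains them.
OGNL_DELIMS = ("%{", "${")

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into fields; None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_suspicious_content_type(ctype: str) -> bool:
    """True when the header carries OGNL syntax instead of a media type."""
    return any(d in ctype for d in OGNL_DELIMS)

def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return every request whose Content-Type looks like an injection attempt.
    Status is deliberately ignored: a 404 only says this URL did not reach a
    Struts action, not that the same probe was harmless everywhere else."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious_content_type(rec["ctype"]):
            hits.append(rec)
    return hits

def count_by_source(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Hits per client address, to see which sources keep probing."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts

# Constructed sample lines: RFC 5737 documentation addresses and placeholder
# OGNL markers, not real traffic and not a working payload.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Mar/2017:09:02:54 +0000] "GET /index.action HTTP/1.1" 404 0 "%{#constructed_probe}"',
    '198.51.100.4 - - [16/Mar/2017:09:03:10 +0000] "POST /upload.action HTTP/1.1" 200 512 "multipart/form-data; boundary=----abc"',
    '203.0.113.7 - - [16/Mar/2017:09:04:01 +0000] "POST /login.action HTTP/1.1" 500 0 "${#constructed_probe}"',
    '192.0.2.9 - - [16/Mar/2017:09:05:00 +0000] "GET /about.action HTTP/1.1" 200 2048 "-"',
]
```

Running `scan(SAMPLE_LOG)` returns the two probes from 203.0.113.7 (one answered 404, one 500) and leaves the legitimate multipart upload alone; `count_by_source` then shows the repeat offender.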