perfsonar-user - [perfsonar-user] Apache Struts Being Used?
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Matt Vander Werf <>
- To:
- Subject: [perfsonar-user] Apache Struts Being Used?
- Date: Tue, 25 Apr 2017 11:52:24 -0400
- Ironport-phdr: 9a23:OhWl1hZAc37xL7Q1kgoJAXz/LSx+4OfEezUN459isYplN5qZr8q6bnLW6fgltlLVR4KTs6sC0LuI9fy6Ej1aqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjSwbLdzIRmsogjdqMYajI98Jq0s1hbHv3xEdvhMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTDQhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlSEKPCM7/m7KkMx9lKJVrhyiqRJi3YDbfJqYO+Bicq7HZ94WWXZNU8RXWidcAo28dYwPD+8ZMOhftYb9u0cOpgaxCga2AuPg1yFHhmXr1qI6zeshCw/G1xEnEtILrnTbttP1O7oMXuCvwqjF1jPDYO5M1Tjj9YfIbwksrPeRVrx+dsrRzFMgFwLDjliIs4PlJSiV1vgTvGeH7+pgU+OvhHI9pA1rvjevwcIshpHQhoII0F/E8SV4wJ0vKdKkT057ZNipG4ZTuSGCL4Z6XMIvT31qtSs/xL0LuoW0cDQPxZko2xLTd+GLfo2U7R7/T+mcJDJ1iGxrdb6jnxq+71Ssx+nmWsS30FtGtDRJnsfCu3wXyhDe6dSLR/1g9Um7wzmPzRrc6uRcLEA0i6XbL5khz6Y1lpUJsETDGjb6mETqjKOKb0kl9fak5ur7brn8qZ+cMIh0ig76MqswgMCwHeM4Mg0WU2ia/+SzyqHj8FXnTLhLkvE7kKzUsJ7ZKMsAuqK0BgBY3po/5xqiCjqpzMgUkmICIV9AZh6KgZTlN0nLIP/iDPe/h1qskC1sx/DDJrDhB4vNIWLFkLj8Y7l98UBdxRE1zd9C/Z5bFKwOIO/rVk/rqNPYFgM5MxCzw+v/ENVyyJkeWWyUAq+eNqPdq0WI6vsyI+mXeoAVoi3wK/wk5/71kX85gkERcbOo3ZsRdHC3AO5mI0OHbnrwnNsNC3kFsRcjTL+itFrXSTNJaW21WasmoywgBZiODIHfS5qrjaDbmiq3A854fGdDX3WFDWugSYyCV/oWIB2fOMEpxjkaXL6tRpU+/Rei8gL21uw0faLv5iQEuMe7h5BO7OrJmERq+A==
Our vulnerability scanner we use to scan our public IP space weekly is showing a vulnerability related to Apache Struts [1][2] on our systems running the perfSONAR Toolkit (latest v4.0).
I was unable to find any indication that Apache Struts was being used for anything in the toolkit, but I thought I'd ask just to make sure. So far my findings seem to indicate that this is a false-positive. We installed the toolkit using the ISO for CentOS 6.[1] https://blog.qualys.com/securitylabs/2017/03/14/apache-struts-cve-2017-5638-vulnerability-and-the-qualys-solution
[2] https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/
--
Matt Vander Werf
- [perfsonar-user] Apache Struts Being Used?, Matt Vander Werf, 04/25/2017
- Re: [perfsonar-user] Apache Struts Being Used?, Andrew Lake, 04/25/2017
- Re: [perfsonar-user] Apache Struts Being Used?, Matt Vander Werf, 04/25/2017
- Re: [perfsonar-user] Apache Struts Being Used?, Andrew Lake, 04/25/2017
Archive powered by MHonArc 2.6.19.