perfsonar-user - Re: [perfsonar-user] Apache Struts Being Used?
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Matt Vander Werf <>
- To: Andrew Lake <>
- Cc:
- Subject: Re: [perfsonar-user] Apache Struts Being Used?
- Date: Tue, 25 Apr 2017 13:50:09 -0400
- Ironport-phdr: 9a23:H5qwHB/1Z0bPjv9uRHKM819IXTAuvvDOBiVQ1KB31egcTK2v8tzYMVDF4r011RmSDNudt6gP0rOK+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFJiTanbr5+Mhq6oRjMusQZnIBvNrs/xhzVr3VSZu9Y33loJVWdnxb94se/4ptu+DlOtvwi6sBNT7z0c7w3QrJEAjsmNXs15NDwuhnYUQSP/HocXX4InRdOHgPI8Qv1Xpb1siv9q+p9xCyXNtD4QLwoRTiv6bpgRRn1gykFKjE56nnahc5+jKxbrhyvpAFxzZDIb4yOLvVyYrnQcMkGSWZdXMtcUTFKDIOmb4sICuoMJeFWoJPhp1sSsBCxChOjBOXyxTBWnH/9wK013Po7EQHIwQctGNcOsGrOo9XzKagdT/q1zafTwDXFcvxawyny55XVch04p/yHQLx+cc3UyUY1FgPFiE2dppb/PzOOyuQCrXSU7+pmVeKul2EosRt9rSSoxscpkoXJn58VxUrA9SR524Y5P8G3SEl+YdOiDZBetDmaOpNoTs4jX21luiM3yrMFtJGgYCQHzZsqywLDZ/CadoWH/g7vW/2ULDp9mn5odryyiw6s/US8zuDwTMq53VZQoiZbj9XBuWoB2hzO5sWBV/Bz5F2u2SyV2ADW8uxEIV47la7cK5M5x74/jJsTsUDaEi/3hEX6kLaad0o69uWm5enreLrmppibN497jgHxLL4ildC4AeQ9KgQOXm6b9vqg1LD740H0QalGg/8zn6nXs53VPtgXq6u2DgNJzoov9hOyACu63NsDmHQKKUxJdRyJgoTxPlHBOvH4DfOxg1S2lzdrwujLPrj/AprXKHjMjanufaxz6kNHzgo80MpT6IxJBbEcOP7zQFP+tMTEDh8lNAy52/7nB8tn1oMQQmKPBamZP7nIsVOR++IvOPeDZJUOtTb5Kvgl/OLujWQnlVMHfKmp24cXZ26iHvRgPUqZfWTgjs0fHmgXowptBNDt3XSEXSReeD6WVqExrmUyDo63JYrYAIagnOrS8j28G8hzb3xaQm6FF3vlbc27Vu0CIHaXPMZnnjEeSpCnR8ks2Qz451yy8KZuMueBon5QjpnkztUgv+A=
Hi Andy,
Great! Thanks! I didn't think it was being used but thought I'd ask anyways!--
Matt Vander Werf
HPC System Administrator
University of Notre Dame
Center for Research Computing - Union Station
506 W. South Street
South Bend, IN 46601
Phone: (574) 631-0692HPC System Administrator
University of Notre Dame
Center for Research Computing - Union Station
506 W. South Street
South Bend, IN 46601
On Tue, Apr 25, 2017 at 12:06 PM, Andrew Lake <> wrote:
Hi,We don’t use Apache Struts for anything. Not sure what the scanner gives you, but if there is a particular URL or similar its telling you it thinks is pointing at a struts app let me know and we can maybe at least try to figure out what triggered it.Thanks,Andy
On April 25, 2017 at 11:53:17 AM, Matt Vander Werf () wrote:
Thanks.Can anyone confirm whether or not Apache Struts is being used for anything in the toolkit?Our vulnerability scanner we use to scan our public IP space weekly is showing a vulnerability related to Apache Struts [1][2] on our systems running the perfSONAR Toolkit (latest v4.0).I was unable to find any indication that Apache Struts was being used for anything in the toolkit, but I thought I'd ask just to make sure. So far my findings seem to indicate that this is a false-positive. We installed the toolkit using the ISO for CentOS 6.
[1] https://blog.qualys.com/securitylabs/2017/03/14/ apache-struts-cve-2017-5638- vulnerability-and-the-qualys- solution
[2] https://arstechnica.com/security/2017/03/critical- vulnerability-under-massive- attack-imperils-high-impact- sites/
--Matt Vander Werf
- [perfsonar-user] Apache Struts Being Used?, Matt Vander Werf, 04/25/2017
- Re: [perfsonar-user] Apache Struts Being Used?, Andrew Lake, 04/25/2017
- Re: [perfsonar-user] Apache Struts Being Used?, Matt Vander Werf, 04/25/2017
- Re: [perfsonar-user] Apache Struts Being Used?, Andrew Lake, 04/25/2017
Archive powered by MHonArc 2.6.19.