Skip to main content
BESCIT
BESCIT
New Member
May 1, 2019
Question

IPS detection concerns

  • May 1, 2019
  • 1 reply
  • 2795 views

Hello,

 

I'm seeing a rise in activity (3 fold) along the IPS lines with bad actors using Apache.Struts.2.Jakarta.Multipart.Parser.Code.Execution and Apache.Tomcat.Arbitrary.JSP.file.Upload against my mail server and another web servers that is behind the Fotrtigate.

 

Should I be more concerned or just confident that the Fortigate is doing its's job?  Is there something I can do to lessen the attacks on these sites?

 

I'm the only one on staff with the network / UTM responsibilities so I am just looking for conversation on these events.   Don't know how concerned I should be or if I'm doing all I can to minimize them. 

 

Any feedback would be most appreciated.

 

Thanks

---Kenny

    1 reply

    abelio
    SuperUser
    abelio
    SuperUser
    May 1, 2019

    Hello Kenny,

    excuse me for asking this first: are you indeed running Apache Struts in those servers?

    If not -> false positive

    On the contrary, checks your logs (Apache ones, not only FAZ/FGT)  or run your own proof of concept with widely published attempts to exploit this known vuln.

    BESCIT
    BESCITAuthor
    New Member
    May 3, 2019

    Abel,

     

    Thanks for the info.  Will investigate with the developers and get back to you.

     

    ---Kenny

    Terms & ConditionsAccessibility statement