3 Replies Latest reply on Apr 30, 2017 5:53 PM by dindsy

    what triggers CVE-2017-5638 in IPS

    dindsy

      Hi there,

      I am looking into blocking the vulnerability for the Apache Struts2 in my IPS.

      I've been reading threads on the vulnerability and I think I understand what it is and how it is used as an exploit. What I am not sure of is what triggers this as an exploit and not a legitimate query. Is there something specific about this that the IPS identifies as "the exploit"? I am trying to understand if I am going to block legitimate traffic when I enable blocking. I am seeing this exploit come through in my SIEM, and attacking the problem correctly by updating the Apache servers is more difficult than applying a block on the IPS.

       

      Any help appreciated.