Hello,
I'm seeing a rise in activity (3 fold) along the IPS lines with bad actors using Apache.Struts.2.Jakarta.Multipart.Parser.Code.Execution and Apache.Tomcat.Arbitrary.JSP.file.Upload against my mail server and another web servers that is behind the Fotrtigate.
Should I be more concerned or just confident that the Fortigate is doing its's job? Is there something I can do to lessen the attacks on these sites?
I'm the only one on staff with the network / UTM responsibilities so I am just looking for conversation on these events. Don't know how concerned I should be or if I'm doing all I can to minimize them.
Any feedback would be most appreciated.
Thanks
---Kenny
Hello Kenny,
excuse me for asking this first: are you indeed running Apache Struts in those servers?
If not -> false positive
On the contrary, checks your logs (Apache ones, not only FAZ/FGT) or run your own proof of concept with widely published attempts to exploit this known vuln.
regards
/ Abel
Abel,
Thanks for the info. Will investigate with the developers and get back to you.
---Kenny
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.