
I run a small web server. Apache Struts CVE-2017-5638 - rossrubacon
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/
======
rossrubacon
I checked my debian install dpkg -l |grep struts

I do not have it installed. so nothing to patch. i was thinking of making a
fail2ban filter to add people who scan for the exploit to a list I share among
my different servers to block it but still not clear what to look for in the
logs

~~~
rbirnie
dpkg might not show it. Struts can be bundled in any java application and
you'd never know.

