I run a small web server. Apache Struts CVE-2017-5638

[rossrubacon]

I checked my debian install dpkg -l |grep struts

I do not have it installed. so nothing to patch. i was thinking of making a fail2ban filter to add people who scan for the exploit to a list I share among my different servers to block it but still not clear what to look for in the logs

[rbirnie]

dpkg might not show it. Struts can be bundled in any java application and you'd never know.