Message Image

Skip main navigation (Press Enter).

Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

Suspicious traffic related to Apache Struts vulnerabilities?

Ken Chau05-31-2023 23:50

Hi all, From time to time, we could observe that web servers are receiving below suspicious http requests. ...

Sarah Lamont06-09-2023 02:53

Hi Ken, Sorry for the delay in response. I checked in with our threat research team. They suggested ...

1. Suspicious traffic related to Apache Struts vulnerabilities?

0 Like
Ken Chau
Posted 05-31-2023 23:50
Hi all,

From time to time, we could observe that web servers are receiving below suspicious http requests.

GET /?actionErrors=1111 HTTP/1.1

GET /?id=%{{{11}}*{{11}}} HTTP/1.1

What is their puspose? Anyone has encountered this and could share your insight? Thank you.

#On-PremisesWAF(formerlySecuresphere)

------------------------------
Ken Chau
IT Manager
------------------------------
2. RE: Suspicious traffic related to Apache Struts vulnerabilities?

0 Like
Sarah Lamont
Posted 06-09-2023 02:53
Hi Ken,

Sorry for the delay in response. I checked in with our threat research team. They suggested that he payloads look like it might just be some sort of reconnaissance to see how certain servers respond. There doesn't seem to be anything especially suspicious, especially with the first one which is just a number parameter. And the second just numbers in braces, which also doesn't seem overtly malicious.

If you still have concerns, do raise a ticket with support.

Thanks,

Sarah

------------------------------
Sarah Lamont
Digital Community Manager
------------------------------

Original Message

Powered by Higher Logic