Hi Ken,
Sorry for the delay in response. I checked in with our threat research team. They suggested that he payloads look like it might just be some sort of reconnaissance to see how certain servers respond. There doesn't seem to be anything especially suspicious, especially with the first one which is just a number parameter. And the second just numbers in braces, which also doesn't seem overtly malicious.
If you still have concerns, do raise a ticket with support.
Thanks,
Sarah
------------------------------
Sarah Lamont
Digital Community Manager
------------------------------
Original Message:
Sent: 05-31-2023 23:49
From: Ken Chau
Subject: Suspicious traffic related to Apache Struts vulnerabilities?
Hi all,
From time to time, we could observe that web servers are receiving below suspicious http requests.
GET /?actionErrors=1111 HTTP/1.1
GET /?id=%{{{11}}*{{11}}} HTTP/1.1
What is their puspose? Anyone has encountered this and could share your insight? Thank you.
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Ken Chau
IT Manager
------------------------------