VPPBEEF
Aspirant
Dec 10, 2015
Solved

WEB Apache Struts Wildcard Matching OGNL Code

Hi Community!

 

I'm getting these reports daily (30, more or less), and I've been reading about it, and I don't know exactly what I can do to my firewalls to get rid of these messages, or if because of these messages they are working fine. ProSecure UTM10

 

Any advice?

 

At time : 2015-12-10 15:12:36
Intrusion Prevention System detected attack : WEB Apache Struts Wildcard Matching OGNL Code Execution -5 (CVE-2013-2134) .
The action is : drop

More information about this attack:
Category : Apache
Protocol : tcp
Client IP : 192.168.1.117    Client Port : 54916
Server IP : 52.70.0.55    Server Port : 80

-------------------------------------------------------------------------------------------------------------------------------

 

Sometimes in between I get this one as well:

 

At time : 2015-12-10 14:56:45
Intrusion Prevention System detected attack : WEB URI Handler Buffer Overflow - GET -1 .
The action is : drop

More information about this attack:
Category : Misc
Protocol : tcp
Client IP : 192.168.1.117    Client Port : 54221
Server IP : 205.180.85.169    Server Port : 80

 

Thanks in advance

  • Thank you very much and for your team too. You guys are awesome!

     

6 Replies

  • JohnRo
    NETGEAR Employee Retired

    VPPBEEF, 

     

    Welcome to the community! 

     

    It appears that these are just normal logs detected by the IPS. It looks like it might be coming from phishing sites but I'll have to check on that and get back to you. What is the firmware version that you are running on the UTM10? 

     

    Thanks, 

    • VPPBEEF
      Aspirant

      Hi John,

       

      Thanks for your help. The firmware version is the one under: Administration>System Update>Firmware?

      If it's that one, it says:

      Firmware reboot:

      Active - Version 3.6.2-1

       

      I hope this helps... Otherwise let me know. Thanks!

      • JohnRo
        NETGEAR Employee Retired

        Hello again VPPBEEF, 

         

        It appears that you already have the latest firmware version. I'll try to look up more about the log entries you are getting, though it may look normal to me. 

         

        I'll get back to you if I find something related. 

         

        Thanks, 
