Re: Offtopic: Apache Struts vulnerability: how to detect Struts & will DB encryption help


 



Post Apache Struts questions on the Struts mailing list: http://struts.apache.org/mail.html

It also happens that you are wrong about where HTTPD runs. Plenty of people have it running perfectly well on Windows.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.


On Sep 10, 2017 9:45 AM, "Sunhux G" <sunhux@xxxxxxxxx> wrote:
Understand Apache web servers (runs on Unix only) & Apache Struts
(can run in Windows & appliances) are different things:

Q1:
Can the various VA scanners (like Nessus & McAfee Vulnerability Manager)
detect the presence of Struts or you'll need to log in to individual servers/
endpoints or have an agent running in them (like SCCM or MS Desktop
Central) to check for the presence of Struts?

Q2:
Will DB encryption help stop Struts vulnerabilities, e.g. the recent one?
Is the following true (someone told me):
  If hackers directly access the database (say using sql query tools/command
to get sensitive data) on an encrypted DB, they would be stopped;
  if they hacked a user password or exploited a website (that had vulnerable
Struts) to the encrypted DB, it would be no help.

It's kinda saying if my PC's HDD is encrypted (with a PBA password
required), hackers can't access a powered down HDD but if the PC
is powered up & logged in & there's a remote execution vulnerability
to my OS, hackers can still get data out of my encrypted HDD via
this remote execution vulnerability: is this a fair analogy?

Sun
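
Added example, not part of the original thread: a host-side inventory check of the kind Q1 asks about, walking a directory tree and reporting Struts core jars both unpacked and bundled inside WAR/EAR archives. The jar naming patterns (`struts2-core-<version>.jar`, `struts-core-<version>.jar`) are assumptions about how the library is usually packaged, and the demo tree with version `9.9.9` is constructed.

```python
import os
import re
import tempfile
import zipfile

# Assumed naming: struts2-core-<ver>.jar (Struts 2), struts-core-<ver>.jar (Struts 1.3).
STRUTS_JAR = re.compile(r"(struts2?-core)-(\d[\w.\-]*)\.jar$", re.IGNORECASE)
ARCHIVES = (".war", ".ear", ".jar", ".zip")


def _match(name):
    """Return (artifact, version) if the base name looks like a Struts core jar."""
    m = STRUTS_JAR.search(name.replace("\\", "/").rsplit("/", 1)[-1])
    return (m.group(1).lower(), m.group(2)) if m else None


def find_struts(root):
    """Return sorted (location, artifact, version) for each Struts core jar under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if (found := _match(fname)):  # unpacked jar, e.g. exploded WEB-INF/lib
                hits.append((path, *found))
            if not fname.lower().endswith(ARCHIVES):
                continue
            try:
                with zipfile.ZipFile(path) as zf:  # jar bundled one level inside an archive
                    for entry in zf.namelist():
                        if (found := _match(entry)):
                            hits.append((f"{path}!{entry}", *found))
            except (zipfile.BadZipFile, OSError):
                continue  # corrupt or unreadable archive: skip it, keep scanning
    return sorted(hits)


def demo():
    """Scan a constructed tree; 9.9.9 is a placeholder version, not a real release."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "exploded", "WEB-INF", "lib")
        os.makedirs(lib)
        open(os.path.join(lib, "struts2-core-9.9.9.jar"), "wb").close()
        open(os.path.join(lib, "commons-io-1.0.jar"), "wb").close()
        with zipfile.ZipFile(os.path.join(root, "shop.war"), "w") as war:
            war.writestr("WEB-INF/lib/struts-core-9.9.9.jar", b"")
        return [(os.path.relpath(p, root), a, v) for p, a, v in find_struts(root)]


if __name__ == "__main__":
    print(demo())
```

The scan only looks one archive level deep, so a WAR nested inside an EAR would need to be unpacked first, and a jar that has been renamed or shaded into another jar will not match the file-name pattern.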


