Just wanted to note that Filippos is completely correct. DSpace includes no 
PHP code, so it is not vulnerable to any PHP-based attacks.

Tim
________________________________
From: 'FILIPPOS KOLOVOS' via DSpace Community 
<[email protected]>
Sent: Wednesday, April 28, 2021 1:48 AM
To: DSpace Community <[email protected]>
Subject: Fwd: [dspace-community] Possible vulnerability detected - DSpace 6.3

Dear Sir,

I do not think that this kind of log alert has anything to do with DSpace. 
DSpace uses Java technology and JSP/XML for the frontend, and not PHP at all.
These requests you are seeing in Apache are probably "fishing" requests that 
check IF your server has a thinkphp installation and, if so, IF the 
vulnerability exists.
The response they are getting, on the other hand, is a redirect (302), 
which means that they can find the content on another server, which is included 
in your server's response header back to the client.

To which server does your Apache installation redirect users? If it is a simple 
HTTP => HTTPS redirection, then in the log files you will also find a lot of 
"NOT FOUND" (404) HTTP responses for the same requests later on in the log file, 
if you do not have a thinkphp installation.
If not, you may want to check whether you have a thinkphp installation somewhere on 
this or another server, and check to see whether it is secured against that CVE.

Best Regards,

-Fk

On Mon, Apr 26, 2021 at 8:07 PM Hernan Carvajal Briceño 
<[email protected]<mailto:[email protected]>> wrote:
Hello.

I'm finding this kind of alert in the logs of Apache:

114.113.145.25 - - [22/Apr/2021:07:36:46 -0400] "GET 
/thinkphp/html/public/index.php HTTP/1.1" 302 247
112.124.1.110 - - [20/Apr/2021:04:05:44 -0400] "GET 
/thinkphp/html/public/index.php HTTP/1.1" 302 247
81.70.203.63 - - [20/Apr/2021:02:41:01 -0400] "GET 
/thinkphp/html/public/index.php HTTP/1.1" 302 247
139.155.35.209 - - [16/Apr/2021:08:22:43 -0400] "GET 
/thinkphp/html/public/index.php HTTP/1.1" 302 247

This is possibly related to these alerts that we're receiving from the antivirus 
system:
 https://nvd.nist.gov/vuln/detail/CVE-2019-9082
 https://nvd.nist.gov/vuln/detail/CVE-2018-20062

We have DSpace v6.3

Any knowledge about this?

Regards,

Hernán Carvajal




--
All messages to this mailing list should adhere to the Code of Conduct: 
https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups 
"DSpace Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-community/CAE7AYAJVpaeogG51PvZRm9%3DNoJBukQcVFL3eVBj%3DuVsq97Z_Qg%40mail.gmail.com<https://groups.google.com/d/msgid/dspace-community/CAE7AYAJVpaeogG51PvZRm9%3DNoJBukQcVFL3eVBj%3DuVsq97Z_Qg%40mail.gmail.com?utm_medium=email&utm_source=footer>.


--
Filippos Kolovos

Software Systems Analyst & Engineer
M.Sc. (Eng.) in Data Communications

Automation & Networking Department
University of Macedonia Library
Egnatia 156,
546 36 Thessaloniki, Greece

E-Mail: [email protected]<mailto:[email protected]>
Profile: http://gr.linkedin.com/in/filipposkolovos
Phone: +30-2310-891-826
----------------------------------------------
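The checks Filippos describes (scanner requests for a ThinkPHP path, a 302 from the HTTP vhost, then 404s for the same path on the redirect target when no installation exists) can be scripted against the Apache access log. What follows is an added example for this thread, not code from the thread or from DSpace: a small Python triage that parses Apache common/combined log lines, keeps only PHP-looking requests, tallies the status codes each probed path received, and reports whether anything ever answered 200. The log lines embedded in it are constructed to mirror the thread's pattern (documentation-range client IPs, an HTTP-to-HTTPS redirect vhost followed by 404s on HTTPS, plus ordinary DSpace traffic that must be ignored), and the probe watchlist is an assumption to tune for your own site.

```python
"""Triage Apache access-log lines for PHP/ThinkPHP scanner probes.

Added example for this thread, not DSpace code. Reads Apache common/combined
log lines, keeps only requests for PHP-looking paths, tallies the status codes
each probed path received, and says whether anything actually answered 200.
"""
import re
from collections import Counter, defaultdict

# Prefix shared by Apache's "common" and "combined" log formats:
# client ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# What counts as a PHP probe on a Java-only site: any .php request, or the
# /thinkphp/ directory seen in the thread. Hypothetical watchlist; extend it.
PHP_PROBE_RE = re.compile(r'(\.php(\?|$))|(^/thinkphp/)', re.IGNORECASE)

# Constructed sample lines (not from a real server). The first four mirror the
# thread's pattern on an HTTP vhost that redirects everything to HTTPS; the
# next three are follow-up requests on the HTTPS vhost, where the path does not
# exist; the last line is normal DSpace traffic that the triage must ignore.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Apr/2021:07:36:46 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
192.0.2.11 - - [20/Apr/2021:04:05:44 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
192.0.2.12 - - [20/Apr/2021:02:41:01 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
192.0.2.13 - - [16/Apr/2021:08:22:43 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
192.0.2.10 - - [22/Apr/2021:07:36:47 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 196
192.0.2.11 - - [20/Apr/2021:04:05:45 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 196
192.0.2.12 - - [20/Apr/2021:02:41:02 -0400] "GET /index.php HTTP/1.1" 404 196
192.0.2.20 - - [22/Apr/2021:09:00:00 -0400] "GET /xmlui/handle/123456789/1 HTTP/1.1" 200 18452
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    return rec


def tally_probes(lines):
    """Map each PHP-probe path (query string dropped) to a Counter of statuses."""
    tally = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skip rather than guess
        if PHP_PROBE_RE.search(rec['path']):
            path = rec['path'].split('?', 1)[0]
            tally[path][rec['status']] += 1
    return tally


def classify(status_counts):
    """Say what the observed status codes imply about a probed path.

    Any 2xx means the server actually served something there: investigate.
    Any 4xx (with no 2xx) means the path does not exist: the expected outcome
    on a DSpace host once the redirected request reaches the HTTPS vhost.
    Only 3xx means every probe was redirected; the access log does not record
    the Location header, so the redirect target must be checked separately.
    """
    codes = set(status_counts)
    if any(200 <= c < 300 for c in codes):
        return 'investigate'
    if any(400 <= c < 500 for c in codes):
        return 'not-found'
    if codes and all(300 <= c < 400 for c in codes):
        return 'redirect-only'
    return 'other'


def triage(log_text):
    """Run the whole pipeline: {path: (verdict, {status: count})}."""
    tally = tally_probes(log_text.splitlines())
    return {path: (classify(counts), dict(counts)) for path, counts in tally.items()}


if __name__ == '__main__':
    for path, (verdict, counts) in sorted(triage(SAMPLE_LOG).items()):
        print(f'{verdict:14} {path}  {counts}')
```

Run it against your own log with `triage(open('/var/log/apache2/access.log').read())`: a `redirect-only` verdict on the HTTP vhost is exactly the pattern in the thread and says nothing by itself; the `not-found` verdict for the same path on the HTTPS vhost is the confirmation Filippos asks for, and `investigate` means some host behind that name really served a PHP path and needs a look.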

