Thank you very much, dear Filippos and Tim!

Regards,
Hernán Carvajal

On Wed, 28 Apr 2021 at 10:59, 'Tim Donohue' via DSpace Community (<[email protected]>) wrote:

> Just wanted to note that Filippos is completely correct. DSpace includes
> no PHP code, so it is not vulnerable to any PHP-based attacks.
>
> Tim
> ------------------------------
> *From:* 'FILIPPOS KOLOVOS' via DSpace Community <[email protected]>
> *Sent:* Wednesday, April 28, 2021 1:48 AM
> *To:* DSpace Community <[email protected]>
> *Subject:* Fwd: [dspace-community] Possible vulnerability detected - DSpace 6.3
>
> Dear Sir,
>
> I do not think that these kinds of log alerts have anything to do with
> DSpace. DSpace is using *Java Technology* and *JSP/XML* for the frontend
> and not at all PHP.
> These requests you are seeing in Apache are probably "fishing" requests to
> check IF your server has a thinkphp installation and if so, IF the
> vulnerability exists.
> The response they are getting, on the other hand, is that this is a redirect
> (302), which means that they can find the content in another server, which
> is included in your server's response header back to the client.
>
> To which server does your Apache installation redirect the users? If it is a
> simple HTTP => HTTPS redirection then in the log files you will also find a
> lot of "NOT FOUND" (404) HTTP responses for the same requests later on in
> the log file if you do not have a thinkphp installation.
> If not, you may want to check if you have a thinkphp installation
> somewhere in this, or another server and check to see if it is secured from
> that CVE.
>
> Best Regards,
>
> -Fk
>
> On Mon, Apr 26, 2021 at 8:07 PM Hernan Carvajal Briceño <[email protected]> wrote:
>
> Hello.
>
> I'm finding these kinds of alerts in the logs of Apache:
>
> 114.113.145.25 - - [22/Apr/2021:07:36:46 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
> 112.124.1.110 - - [20/Apr/2021:04:05:44 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
> 81.70.203.63 - - [20/Apr/2021:02:41:01 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
> 139.155.35.209 - - [16/Apr/2021:08:22:43 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247
>
> This is possibly related to these alerts that we're receiving from the
> antivirus system:
> https://nvd.nist.gov/vuln/detail/CVE-2019-9082
> https://nvd.nist.gov/vuln/detail/CVE-2018-20062
>
> We have DSpace v6.3
>
> Any knowledge about this?
>
> Regards,
>
> Hernán Carvajal
>
> --
> All messages to this mailing list should adhere to the Code of Conduct:
> https://duraspace.org/about/policies/code-of-conduct/
> ---
> You received this message because you are subscribed to the Google Groups
> "DSpace Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/dspace-community/CAE7AYAJVpaeogG51PvZRm9%3DNoJBukQcVFL3eVBj%3DuVsq97Z_Qg%40mail.gmail.com
>
> --
> Filippos Kolovos
>
> Software Systems Analyst & Engineer
> M.Sc. (Eng.) in Data Communications
>
> Automation & Networking Department
> University of Macedonia Library
> Egnatia 156,
> 546 36 Thessaloniki, Greece
>
> E-Mail: [email protected] <[email protected]>
> Profile: http://gr.linkedin.com/in/filipposkolovos
> Phone: +30-2310-891-826
> ----------------------------------------------
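
Added example (not part of the original thread, and not DSpace code): a small Python triage of Apache access-log lines following the check Filippos describes, separating PHP probes that were only redirected or answered with 404 from any that received a 2xx response. The sample log lines, the documentation-range IP addresses and the name `triage` are constructed for illustration, and the script assumes the host serves no PHP at all.

```python
import re
from collections import defaultdict

# Common Log Format, the layout of the Apache lines quoted in the thread.
CLF = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: the host runs only a Java application (DSpace), so any request
# for a .php resource is a probe for software that is not installed.
PROBE = re.compile(r'\.php(?:[/?]|$)', re.IGNORECASE)

def triage(lines):
    """Group PHP probe requests by path and classify them by status code."""
    statuses = defaultdict(set)
    for line in lines:
        m = CLF.match(line)
        if not m or not PROBE.search(m["path"]):
            continue
        path = m["path"].split("?", 1)[0]   # ignore the query string
        statuses[path].add(int(m["status"]))
    report = {}
    for path, codes in statuses.items():
        if any(200 <= c < 300 for c in codes):
            report[path] = "investigate"     # something actually answered
        elif codes & {403, 404, 410}:
            report[path] = "not-present"     # probe was rejected by the server
        else:
            report[path] = "redirect-only"   # e.g. HTTP => HTTPS; check the HTTPS log
    return report

# Constructed sample input (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [22/Apr/2021:07:36:46 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 302 247',
    '192.0.2.10 - - [22/Apr/2021:07:36:47 -0400] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 1012',
    '198.51.100.7 - - [22/Apr/2021:08:00:01 -0400] "GET /old/info.php HTTP/1.1" 302 247',
    '203.0.113.5 - - [22/Apr/2021:08:10:00 -0400] "GET /test/status.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Apr/2021:08:11:00 -0400] "GET /jspui/handle/123456789/1 HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for path, verdict in sorted(triage(SAMPLE).items()):
        print(f"{verdict:14} {path}")
```

Only a path reported as "investigate" means a PHP resource was actually served; "redirect-only" paths should be re-checked against the log of the virtual host the redirect points to.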
