Apache Friends Support Forum

how to update struts on an xampp 1.8.2 php 5.4.27 on WinXPpro installation?

server is being hit by attempted struts attacks which are being blocked by SEP.

How do i update or patch struts on this installation? I ONLY run apache server, i do not run tomcat or anything else.

Cars have struts... people strut. What are you looking for?

As for attacks, if you don't expose a development suite of software (like XAMPP) to the internet, you eliminate all attacks.

yes i could have been more specific.
i'm speaking of the apache struts framework https://struts.apache.org/
and how to upgrade or patch specifically against the Apache Struts CVE-2017-5638 vulnerability attacks.
the vulnerability was made public 3/6/17, and Symantec Endpoint Protection on my server machine has been bombarded by attempted attacks since.
every article i find states to the effect of "update struts now", but other than a complete reinstall on a 99% current implementation in a nondescript environment - I cannot find how to do this.

true enough i could disable my server to prevent an attack, but that's like saying death is the cure for a common cold.
the xampp interface itself is not public, just the apache server administered by xampp.

Struts is not part of the Xampp Package, you cannot "update" it therefore. Of course you may install it on yourself, but there is no Xampp support.

johnwayne wrote:the xampp interface itself is not public, just the apache server administered by xampp.

Sorry, i dont get it. What do you mean by a "Xampp interface"? Xampp is a distribution ("Xampp interface" sounds like "Ubuntu interface" or "Windows interface" - it does not make any sense), there is no "interface". And what do you mean by "just the apache server administered by xampp"?? What the hell does that mean?? Apache is part of Xampp - so if you expose Apache, you expose Xampp.

i'm not well versed enough at xampp to have the correct verbiage to communicate what i mean, even though I have successfully run my own server with it for years. I did some searching of my system, and it seems that struts is not installed, and does not need to be since i do not run TomCat. So the attacks I am getting are hackers fishing to see if the vulnerability exists, rather than attempting to exploit an existing vulnerability. The attack log didnt differentiate on that. Seems that i have nothing to update, patch, or upgrade - and I will continue to blacklist offending IPs. Thanks all for the feedback.