AFAIK, the struts problem is a false positive because you can't get that port to run example exploit code. https://blog.appsecco.com/detecting-and-exploiting-the-java-struts2-rest-plugin-vulnerability-cve-2017-9805-765773921d3d Has anyone got a solution to the Tomcat NFS upgrade problem. That looks tricky.
... View more
