Apache Struts Vulnerability: Security Response Guide

Responding to a False Positive: Apache Struts Vulnerability


Question

During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit.

Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server.

Which of the following BEST describes how the security team should react to this incident?

Answers

Explanations


A. B. C. D.

A.

Given the scenario, the vulnerability scan has flagged a server for being vulnerable to an Apache Struts exploit, but the developer responsible for the server has informed the security team that Apache Struts is not installed on the server. In such a situation, the security team needs to respond appropriately to ensure that the system is secure.

Option A: The finding is a false positive and can be disregarded. This option may be correct if the vulnerability scanner has produced a false positive result, indicating that the vulnerability scan has generated an erroneous report about the system's security. However, this option assumes that the vulnerability scanner is incorrect, which should not be assumed without investigating further.

Option B: The Struts module needs to be hardened on the server. This option assumes that Apache Struts is installed on the server, but the module needs to be hardened to prevent it from being exploited. Since the developer has confirmed that Apache Struts is not installed on the server, this option is not applicable.

Option C: The Apache software on the server needs to be patched and updated. This option may be the most appropriate since the vulnerability scan flagged the server for being vulnerable to an Apache Struts exploit. Even if Apache Struts is not installed on the server, other components of the Apache software may be vulnerable and require patching and updating. By doing so, the security team can address the vulnerability and reduce the risk of an attack.

Option D: The server has been compromised by malware and needs to be quarantined. This option assumes that the server has already been compromised by malware, which may not necessarily be the case. It is not appropriate to jump to such a conclusion without investigating the issue thoroughly.

Therefore, the best course of action would be to investigate the issue further and verify the developer's claim that Apache Struts is not installed on the server. If this is true, the Apache software on the server needs to be checked for other vulnerabilities and patched and updated accordingly. If the developer's claim is false, the server needs to be scanned again, and appropriate actions taken based on the results of the scan.
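One way to verify the developer's claim on the server itself, as an added example that is not part of the original page: the script below walks a directory tree and reports Struts JARs, including copies bundled inside WAR/EAR/JAR archives that a developer may not think of as "installed". It assumes Struts keeps its standard Maven artifact names or its `org/apache/struts*` class packages; the function names are hypothetical.

```python
import io
import os
import re
import sys
import zipfile

# Assumption: Struts ships under its standard Maven artifact names
# (struts2-core-<ver>.jar, struts-core-<ver>.jar) or, when shaded into
# another archive, keeps its org/apache/struts* class packages.
JAR_NAME = re.compile(r"(^|/)struts2?-core-[\w.\-]+\.jar$", re.I)
CLASS_PKG = re.compile(r"(^|/)org/apache/struts2?/.+\.class$")
ARCHIVE_EXT = (".jar", ".war", ".ear")


def scan_archive(data, label, hits):
    """Record Struts evidence inside one archive, recursing into nested ones."""
    try:
        with zipfile.ZipFile(data) as zf:
            seen_classes = False
            for entry in zf.namelist():
                inner = f"{label}!/{entry}"
                if JAR_NAME.search(entry):
                    hits.append(inner)  # bundled library, e.g. WEB-INF/lib
                elif CLASS_PKG.search(entry) and not seen_classes:
                    hits.append(f"{label} (contains org.apache.struts classes)")
                    seen_classes = True  # one line per archive is enough
                if entry.lower().endswith(ARCHIVE_EXT):
                    scan_archive(io.BytesIO(zf.read(entry)), inner, hits)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        return  # unreadable, encrypted or not a zip: nothing more to report


def find_struts(root):
    """Return paths under root that show Apache Struts is present."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if JAR_NAME.search(name):
                hits.append(path)
            if name.lower().endswith(ARCHIVE_EXT):
                scan_archive(path, path, hits)
    return hits


if __name__ == "__main__":
    found = find_struts(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(found) if found else "no Struts artifacts found")
```

An empty result supports the false-positive conclusion only for the paths scanned and for archives the account running the script can read; any hit means the scanner finding needs to be treated as real.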