> > I'd like to begin monitoring the server's request log and system logs to be > able to detect abuse of today's 0-day, if possible. Is it possible to > search for GET requests or Struts log statements to determine if this issue > is being exploited?
As far as I see it the problem are specific OGNL expressions in paramter names (GET and POST). You can try to search for parameter names in containing "class" to see requests that might try to abuse this. If you use a web server in front of your application server you might search that logs. regards, Christoph This Email was scanned by Sophos Anti Virus