Replies: 3 comments 10 replies
-
What OS are you using?
|
Beta Was this translation helpful? Give feedback.
-
It seems we were attacked by this vulnerability in Mirth Connect Server https://www.horizon3.ai/attack-research/attack-blogs/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/ A python script calling this URL was executed: http://192.112.255.229/mobile/mirth.php This is the contents of that URL which is another script:
|
Beta Was this translation helpful? Give feedback.
-
NOTE: mirth reported this happened only on Java 8, but we had Java 11 on our server, so I'm not 100% sure if the report from Mirth is correct. REF https://github.com/nextgenhealthcare/connect/wiki/4.4.0---What's-New#remote-code-execution-vulnerability-when-using-java-8-and-elevated-permissions |
Beta Was this translation helpful? Give feedback.
-
I have a process mirthd spawning even if I stopped the mirth service.
It's actually eating memory and cpu on a server and when I kill one, another is spawned.
Not sure what mirthd is, how it's spawned or how to kill it.
Any ideas?
Beta Was this translation helpful? Give feedback.
All reactions