🔥 3-day streak
CompTIA CySA+ (CS0-003)22 / 147
Question 22 of 147

A vulnerability scanner reports that a critical Apache Struts remote code execution flaw (CVE-2017-5638) is present on a production web server. Before the analyst escalates the finding to the patching team, the server owner insists the application was migrated to a Java Spring framework months ago and no longer uses Struts. Which action should the analyst take FIRST to determine whether this is a false positive?

Reviewed for accuracy · Report an issueNext question