Newsletter Archives
Looks like the bad guys may have broken into Equifax using a known hole in Apache Struts
Apache Struts is an open-source framework that runs on web servers and helps Java developers build web applications. Translation: If you don’t understand, you don’t need to worry about it.
BUT.
Apache Struts is very common around the web. Last week, Bas van Schaik on the lgtm blog said:
Analyst Fintan Ryan at RedMonk estimates that at least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework. Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework.
Struts has been patched, and versions 2.3.34 and 2.5.13 don’t have the problem.
Keith Collins on the Quartz blog explains that it isn’t clear whether the Equifax hack took advantage of a bug disclosed in March or one divulged in September.
Dan Goodin, in an Ars Technica post from late last week, has details from a programming point of view.