Brian Fernandes
Director of Customer Engagement - Loves technology and almost everything related to computing. Wants to help you write better software. Follow at @brianfernandes.

Many of you may have heard of the Equifax data breach, possibly affecting millions of consumers. Information accessed by hackers during the incident included Social Security numbers, personal details, driver’s license numbers, and even credit card numbers.

Equifax has confirmed that the breach was made possible by a vulnerability in the Apache Struts Web Framework, used on their U.S. website. The multipart parser in Struts 2.2.3.x before 2.3.32, and 2.5.x before 2.5.10.1, mishandles file uploads, as detailed here: CVE-2017-5638.

This particular vulnerability was announced in March this year, and was patched by the Struts team on the very same day. However, Equifax failed to update their site to use these patched libraries in a timely manner, which ultimately led to the data being compromised.

A more detailed analysis of this incident, by the Apache Software Foundation, can be found here.


Posted on Sep 15th 2017