Brian Fernandes
Director of Customer Engagement - Loves technology and almost everything related to computing. Wants to help you write better software. Follow at @brianfernandes.

Many of you may have heard of the Equifax data breach, possibly affecting millions of consumers. Information accessed by hackers during the incident included Social Security numbers, personal details, driver’s license numbers, and even credit card numbers.

Equifax has confirmed that the breach was made possible by a vulnerability in the Apache Struts Web Framework, used on their U.S. website. The multipart parser in Struts 2.2.3.x before 2.3.32, and 2.5.x before, mishandles file uploads, as detailed here: CVE-2017-5638.

This particular vulnerability was announced in March this year, and was patched by the Struts team on the very same day. However, Equifax failed to update their site to use these patched libraries in a timely manner, which ultimately led to the data being compromised.

A more detailed analysis of this incident, by the Apache Software Foundation, can be found here.


Posted on Sep 15th 2017