Brian Fernandes
Director of Customer Engagement - Loves technology and almost everything related to computing. Wants to help you write better software. Follow at @brianfernandes.

Many of you may have heard of the Equifax data breach, possibly affecting millions of consumers. Information accessed by hackers during the incident included Social Security numbers, personal details, driver’s license numbers, and even credit card numbers.

Equifax has confirmed that the breach was made possible by a vulnerability in the Apache Struts Web Framework, used on their U.S. website. The multipart parser in Struts 2 2.3.x before 2.3.32, and 2.5.x before 2.5.10.1, mishandles file uploads, as detailed here: CVE-2017-5638.

This particular vulnerability was announced in March this year, and was patched by the Struts team on the very same day. However, Equifax failed to update their site to use these patched libraries in a timely manner, which ultimately led to the data being compromised.
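To check whether your own deployments still ship an unpatched library, the following added example (not code from Equifax, Apache, or the original post) flags `struts2-core` jars on the 2.3.x line before 2.3.32 or the 2.5.x line before 2.5.10.1. The sample paths are constructed, and the `struts2-core-<version>.jar` naming is the assumption it relies on.

```python
import re

# Fixed releases for CVE-2017-5638, keyed by release line (major, minor).
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}

# Assumed naming: struts2-core-<version>.jar, optionally with a suffix
# such as -SNAPSHOT, anywhere in an archive or directory listing.
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1)"""
    return tuple(int(part) for part in text.split("."))


def pad(version, width=4):
    """Right-pad with zeros so 2.5.10 compares as 2.5.10.0."""
    return version + (0,) * (width - len(version))


def is_affected(version):
    """True if the version is on a listed release line and below its fix."""
    fixed = FIXED.get(version[:2])
    return fixed is not None and pad(version) < pad(fixed)


def audit(paths):
    """Return (path, found_version, fixed_version) for each affected jar."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if not match:
            continue
        version = parse_version(match.group(1))
        if is_affected(version):
            fixed = ".".join(str(n) for n in FIXED[version[:2]])
            findings.append((path, match.group(1), fixed))
    return findings


# Constructed sample listing, e.g. the entry names of several WAR files.
SAMPLE_PATHS = [
    "app1/WEB-INF/lib/struts2-core-2.3.31.jar",
    "app1/WEB-INF/lib/commons-fileupload-1.3.2.jar",
    "app2/WEB-INF/lib/struts2-core-2.3.32.jar",
    "app3/WEB-INF/lib/struts2-core-2.5.10.jar",
    "app4/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "app5/WEB-INF/lib/struts2-core-2.3.15.1.jar",
]

if __name__ == "__main__":
    for path, found, fixed in audit(SAMPLE_PATHS):
        print(f"{path}: {found} is affected, upgrade to {fixed} or later")
```

For a real archive, `zipfile.ZipFile(war_path).namelist()` supplies the list of paths to pass to `audit`.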

A more detailed analysis of this incident, by the Apache Software Foundation, can be found here.


Posted on Sep 15th 2017