Equifax breach happened because of a missed patch (Security News, September 2017)
The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed. The vulnerability in question was Apache Struts CVE-2017-5638. A failure to apply the available patch for CVE-2017-5638 was flagged in March 2017. The vulnerability was discovered and reported by Chinese developer Nike Zheng. It was quickly patched by the Apache Struts team, but the disclosure was followed by active attacks via two very reliable exploits that …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/TgcuAU0O7KU/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products. The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |