Companies turn a blind eye to open source risk (Security News, October 2017)
Though open source software (OSS) helps software suppliers be nimble and build products faster, there are hidden software supply chain risks that all software suppliers and IoT manufacturers should know about. For instance, the criminals who potentially gained access to the personal data of Equifax customers exploited the Apache Struts vulnerability CVE-2017-5638. Apache Struts is a widely used open source component – a framework for web servers – used by companies in commercial and in-house systems …
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/nUNYZTrZiWA/
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products: the Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |