Security News > 2017 > October > Companies turn a blind eye to open source risk

Companies turn a blind eye to open source risk
2017-10-17 14:17

Though open source software (OSS) helps software suppliers be nimble and build products faster, there are hidden software supply chain risks all software suppliers and IoT manufacturers should know about. For instance, criminals who potentially gained access to the personal data of the Equifax customers exploited an Apache Struts CVE-2017-5638 vulnerability. Apache Struts is a widely used open source component – a framework for Web servers – used by companies in commercial and in-house systems … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/nUNYZTrZiWA/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-03-11 CVE-2017-5638 Improper Handling of Exceptional Conditions vulnerability in multiple products
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
network
low complexity
apache ibm lenovo hp oracle arubanetworks netapp CWE-755
critical
9.8