Security News

Several vulnerabilities, including ones that allow remote attackers to execute arbitrary code, have been patched in recent weeks in Apache Tomcat. read more

Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week.

Oracle has released patches for many of its products to address several vulnerabilities in the Apache Struts 2 framework, including one that has been exploited in the wild for the past few weeks. read more

On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that’s similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014. Unlike...

A vulnerability found in Apache HTTP Server (httpd) can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests, a researcher warned. read more

The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw.

U.S. credit reporting agency Equifax confirmed on Wednesday that an Apache Struts vulnerability exploited in the wild since March was used to breach its systems. read more

Confirmed: Hackers Behind Mega-Breach Exploited Struts Flaw, Patch Was AvailableEquifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake...

The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months...

Credit Bureau Has Yet to Describe Exploited 'Website Application Vulnerability'Equifax has yet to describe how its site was breached, except to blame a vague "U.S. website application...