The unfolding of the Equifax breach shows that the attack started around two months after the vulnerability was disclosed and the patch was made available by Apache. That means the vulnerability could have been eliminated with a patch long before the attack.

The real problem is that it takes enterprises much longer to mitigate vulnerabilities than it takes hackers to start exploiting them. This is not an isolated case. Just remember the consequences of the WannaCry attacks back in May 2017. These examples show that we continue to leave a wide-open window of opportunity for hackers.

Open source components like Apache Struts are widely adopted by developers of commercial and in-house applications. This makes them a popular target for hackers. Organizations that aren’t aware of the components they’re using, or that don’t track software vulnerabilities, put themselves and their customers at risk.

Get the Facts on Apache Struts 2

The Equifax Breach
Equifax, one of the 3 major credit bureaus in the US, recently announced they were targets of a data breach that potentially exposed private information of 143 million customers. The breach was caused by the exploitation of a vulnerability (CVE-2017-5638) in Apache Struts 2.

Apache Struts 2
Apache Struts is a widely used open source component - a framework for Web servers. It’s used by companies in commercial and in-house systems to take in and serve up data.

The Vulnerability
CVE-2017-5638
Product: Apache Struts 2

Secunia Research at Flexera
Secunia Advisory: SA75730
Secunia Criticality Rating: Highly Critical (4 out of 5)
Description: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to compromise a vulnerable system.
Solution: Update to version 2.3.32 or 2.5.10.1.
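
To check an application tree against the fixed versions in the advisory above, the following added example (not Flexera's or Apache's code) inventories Struts 2 core jars on disk and inside WAR archives. It assumes the library keeps its Maven-style file name `struts2-core-<version>.jar`; the function names are hypothetical, and versions on branches the advisory names no fix for are reported as `review`.

```python
import re
import sys
import zipfile
from pathlib import Path, PurePosixPath

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}

# Assumption: the jar keeps its Maven-style name, struts2-core-<version>.jar.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:-[A-Za-z0-9.]+)?\.jar$")


def classify(version):
    """Return 'update', 'ok' or 'review' for a Struts 2 version string."""
    v = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "review"  # the advisory names no fixed release for this branch
    # Pad both tuples to equal length so 2.5.10 compares below 2.5.10.1.
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return "update" if pad(v) < pad(fixed) else "ok"


def scan(root):
    """Return (location, version, status) for each Struts 2 core jar under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        candidates = [(str(path), path.name)]
        # WAR archives bundle their libraries under WEB-INF/lib/.
        if path.suffix.lower() == ".war" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                candidates += [(f"{path}!{n}", PurePosixPath(n).name)
                               for n in zf.namelist()]
        for location, name in candidates:
            m = JAR_RE.match(name)
            if m:
                findings.append((location, m.group(1), classify(m.group(1))))
    return findings


if __name__ == "__main__":
    for location, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:7} {version:10} {location}")
```

Matching is by file name only, so renamed jars, Struts classes repackaged into another jar, and WARs nested inside other archives are not detected.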

Flexera's FlexNet Code Insight provides a complete Bill of Materials (BOM) for open source and third party components in your code, and alerts you to OSS vulnerabilities.

Flexera's Software Vulnerability Manager delivers vulnerability intelligence, assessment and remediation.

These tools are key for effective reduction of risk by shutting the window of opportunity for hackers.

Upcoming Webinar: Outsmarting Hackers: Shutting Your Risk Windows

Find out how vulnerable code can be easy to discover and patch.

Find Out if You are Affected by the Apache Struts 2 Vulnerability

Scan for free with FlexNet Code Aware

Track Apache Struts 2 and Vulnerabilities in Another 55,000 Applications

Try Software Vulnerability Manager Research

Free Scan

Find out if Apache Struts 2 is in your products with a free code scan from Flexera.

FlexNet Code Aware
