
Breach Related To Apache Struts 2

We learned today that the Equifax breach, which has affected hundreds of millions of people, was carried out by exploiting a known issue in Apache Struts 2, specifically CVE-2017-5638. This vulnerability was disclosed in March of 2017, and users of the vulnerable version were encouraged to patch as soon as possible.


WhiteHat Security created checks for this vulnerability in both Dynamic and Static analysis as soon as it was disclosed in March, and we have been checking for it ever since. We highly recommend that all companies review their vulnerabilities and make sure there are no open vulnerabilities relating to CVE-2017-5638. If there are, please update to the latest version of Apache Struts 2 as soon as you possibly can to prevent any breach.


You can read more about our coverage of this vulnerability in our post from March, which can be found here: https://www.whitehatsec.com/blog/apache-struts-cve-2017/