Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Looks like the bad guys may have broken into Equifax using a known hole in Apache Struts

    Posted on September 9th, 2017 at 06:13 woody

    Apache Struts is an open-source package that runs on servers to help Java web developers. Translation: If you don’t understand, you don’t need to worry about it.

    BUT.

    Apache Struts is very common around the web. Last week, Bas van Schaik on the lgtm blog said:

    Analyst Fintan Ryan at RedMonk estimates that at least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework. Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework.

    Struts has been patched, and versions 2.3.34 and 2.5.13 don’t have the problem.

    Keith Collins on the Quartz blog explains that it isn’t clear if the Equifax hack took advantage of a bug disclosed in March, or one divulged in September.

    Dan Goodin, in an Ars Technica post from late last week, has details from a programming point of view.