WordPress and Apache Struts weaponized vulnerabilities on the rise

Vulnerabilities in leading web and application frameworks, if exploited, can have devastating effects like the Equifax breach which affected 147 million people, according to RiskSense. Among the report’s key findings, total framework vulnerabilities in…

As malware and network attacks increase in 2019, zero day malware accounts for 50% of detections

Amid significant increases in both malware and network attacks, multiple Apache Struts vulnerabilities – including one used in the devastating Equifax data breach – appeared for the first time on WatchGuard’s list of most popular network attacks in Q3 …

The Hacker vs. Struts 2 Game – It Appears it has No Ending

If you’re active in the cybersecurity industry, you have likely heard the buzz about the Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on Struts 2 and stole hundreds of millions of PII records…

61 impacted versions of Apache Struts left off security advisories

Researchers found that 24 security advisories inaccurately listed affected versions for the open-source development framework.

Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution

Roughly 28 million users have downloaded a malicious version of a popular open source framework that masquerades as the real thing, but in fact gives hackers a back door into applications. A compromised version of the website development tool bootstrap-sass was published to the official RubyGems repository, a hub where programmers can share their application code. The open source security firm Snyk alerted developers to the issue Wednesday, advising users to update their systems away from the infected framework (version 3.2.0.3). “That doesn’t mean there are something like 27 million apps out there using this,” said Chris Wysopal, chief technology officer at app security company Veracode. “[But] when you’re using open source packages to build your applications, you’re inheriting many of the vulnerabilities. … But bootstrap-sass is a popular component used by enterprises and startups so there’s potentially thousands of applications affected by this.” While the vulnerability is serious — hackers […]

The post Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution appeared first on CyberScoop.

Equifax: A study in accountability but not authority responsibility

Like most of the security community, I have spent hours digesting the recently released U.S. House of Representatives Committee on Oversight and Government Reform report on the Equifax breach. I read the report with a mix of heartfelt empathy and fear-…

Apache alerts developers of remote code execution flaw

The team that develops the Apache Struts framework is alerting users of a critical vulnerability that could allow remote code execution attacks. The Apache Foundation urged developers to update a key component of the framework in order to patch the flaw in an alert posted Monday. Projects using Struts 2.3.36 and prior are affected, Apache said, because of a vulnerable commons-fileupload library. The up-to-date version already uses the latest component. Developers need to update to the latest version of the commons-fileupload library in order to “prevent your publicly accessible web site from being exposed to possible Remote Code Execution attacks,” the Apache team said. Such an attack would allow hackers to potentially take over an unsuspecting developer’s server and install malware. “Your project is affected if it uses the built-in file upload mechanism of Struts 2, which defaults to the use of commons-fileupload,” the warning said. The […]

The post Apache alerts developers of remote code execution flaw appeared first on Cyberscoop.

Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available

Remember how an unpatched flaw in Apache Struts caused one of the biggest data breaches in history? It could happen again, if those using Apache Struts versions 2.3.x or lower fail to replace a file-upload component with a newer version. Apache release…