Equifax Blames Breach on Apache Struts Flaw

In News by admin

Equifax has blamed last week’s data breach on an Apache Struts vulnerability

Equifax has blamed last week’s data breach on an Apache Struts vulnerability.

The vulnerability allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, and was patched in March 2017. In an updated statement on its Equifax Security website, it said that it has been “intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted” and the firm determined that the attackers exploited the website application vulnerability.

Source: Equifax Blames Breach on Apache Struts Flaw