Equifax breach was caused by its employees' negligence in updating their software, says Apache Software Foundation

Apache Struts is a successful Open Source framework for building enterprise-grade Java Web applications. Apache Struts powers front- and back-end applications and Internet of Things devices for many of the world’s most visible financial institutions, state organizations, technology service providers, telecommunications agencies, and Fortune 100 companies.
Apache Struts has been an Apache Software Foundation Top-Level Project since 2004 and is managed by a self-selected team of active contributors to the project. A Project Management Committee (PMC) oversees the Project’s day-to-day operations, including community growth and product releases.

On 7 September 2017, credit reporting agency Equifax disclosed a data breach affecting 143 million consumers.

Following this report, additional claims stated that the breach was caused by CVE-2017-9805, a vulnerability in Apache Struts that was published on 4 September 2017.
On 9 September 2017, the Apache Struts PMC published a statement on the Equifax data breach that included details on its response process for reported vulnerabilities and also gave recommended security guidelines.
On 13 September 2017, Equifax published a statement confirming that “The vulnerability was Apache Struts CVE-2017-5638”.
This vulnerability was patched on 7 March 2017, the same day it was announced.
As a result, the Equifax data compromise was due to its negligence in installing the provided security updates in a timely manner.
Apache Struts CVE-2017-5638 was originally reported on 7 March 2017.
The all-volunteer Apache Software Foundation manages more than 350 leading Open Source projects, including Apache HTTP Server, the world’s most famous Web server software. Through the ASF’s meritocratic method known as “The Apache Way,” more than 650 individual Members and 6,200 Committers across six continents collaborate to develop freely available enterprise-grade software.