Apache Struts Remote Code Execution Vulnerability was discovered couple of years ago and it was used to breach high profile companies like Equifax. It was in news for quite a while for how the breach was (mis)handled by Equifax. It is a high severity vulnerability where many companies worked day and night to update their Apache Struts installations.

Buy today I discovered one of the Indian Government websites is launched with this critical Apache Struts Remote Code Execution Vulnerability. 

I am really out of words to describe how I felt when I saw government agency launching a site with this is critical Vulnerability which was very old and patches are available.

I really cannot understand how a site is launched without proper security audit.

PS: site is not disclosed as the vulnerability is not patched.

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform