All Articles

Apache Struts Remote Code Execution Vulnerability on one of Indian Government sites

Posted by Venkata Satish Guttula on January 15, 2019 at 12:37am

Apache Struts Remote Code Execution Vulnerability was discovered couple of years ago and it was used to breach high profile companies like Equifax. It was in news for quite a while for how the breach was (mis)handled by Equifax. It is a high severity vulnerability where many companies worked day and night to update their Apache Struts installations.

Buy today I discovered one of the Indian Government websites is launched with this critical Apache Struts Remote Code Execution Vulnerability.

I am really out of words to describe how I felt when I saw government agency launching a site with this is critical Vulnerability which was very old and patches are available.

I really cannot understand how a site is launched without proper security audit.

PS: site is not disclosed as the vulnerability is not patched.

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use CISO Platform.

Please check your browser settings or contact your system administrator.

Comments

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.