One of the key aspects of the demo was the actual showcasing of the critical server vulnerabilities, like those found recently in web application framework Apache Struts, which is a free, open-source, MVC framework popular among IT professionals across all industries and the vulnerability at the centre of the infamous Equifax data breach in 2017.
In March of 2017, a cybersecurity arm of the US Department of Homeland Security, US-CERT, issued a warning about vulnerabilities in the web application software, Apache Struts. According to Equifax, it notified the company's systems administrators about the program vulnerability, but the recipient list was outdated and the administrators who would have installed the patch never received the notice.
Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including by 65 percent of the Fortune 100 companies, like Vodafone, Lockheed Martin, Virgin Atlantic, and the IRS.
"Exploits targeting flaws in the Apache Struts framework remain high on the list after jumping in popularity among attackers in Q3 due to Struts' role in the Equifax breach," it noted.
Another scary scenario painted by Carter is cybercriminals using bots to search Project Unicorn or Shodan for banks that use Apache Struts (an open source web application framework widely used by banks but contains many known vulnerabilities) and then use off-the-shelf ransomware to exploit those vulnerabilities.
Smith said the breach was the result of both "human error and technology failures," and confirmed the hackers gained unauthorized access to the company's servers by exploiting a vulnerability in the popular web application framework Apache Struts
On Wednesday, exploit code for a nine-year-old code-execution vulnerability in Apache Struts 2, a software framework used by many large financial service websites, went public, but there was no immediate indication that the Equifax site uses it.
The new storefront is built upon the Apache Struts 2 MVC framework which is a widely used open-source framework for developing Java EE web applications.
Our scan data shows that 91 percent of Java applications using Apache Struts were using a version with a high or very high severity vulnerability.
He added this results from servers running unpatched frameworks such as Apache Struts
The attacker made use of an exploit in a web application framework called Apache Struts. The vulnerability was patched two months before the breach at the credit reporting firm took place, and had been exploited numerous times in the wild before a threat actor tried their hand at hitting one of the three major credit reporting companies in the United States.
According to the analysis, 68 percent of Java applications using the Apache Struts 2 library were using a vulnerable version of the component in the weeks following the initial attacks.