Equifax confirms the vulnerability of apache struts

The Equifax leak has made headlines around the world. When it was made public, the origin of the problem was not yet known. Finally, the company has revealed the origin in a security update. Equifax has confirmed that there has been a security flaw in Apache Struts that is responsible for the data breach of 143 million people.

Equifax confirms the Apache Struts vulnerability

The company has revealed that this is the Apache Struts CVE-2017-5638 vulnerability, which was discovered in March this year. Although the company has not disclosed the date on which the attack occurred. They have only revealed the date they were aware of it, July 29.

Equifax vulnerability

Equifax knows exactly when the attack occurred, as the company has identified the hackers. But, so far, the company has declined to reveal everything they know. And that date is essential when determining responsibilities for the lawsuits that have been filed throughout the week in the United States. Although, we know that a security patch was released against the Apache Struts CVE-2017-5638 vulnerability on March 6.

Also, two days before Equifax will reveal the security flaw, another patch was released for another critical vulnerability in Apache Struts. And it seems that this is a vulnerability as dangerous as the first one. So much so that Cisco is auditing its products for flaws.

Apache Struts is a technology used by many of the big companies. Which is why it is one of the hackers' favorite targets. There are still many data to be revealed in this story. Which could show that Equifax has made serious security mistakes.