Social Network For CISO (Chief Information Security Officers)
Apache Struts Remote Code Execution Vulnerability was discovered couple of years ago and it was used to breach high profile companies like Equifax. It was in news for quite a while for how the breach was (mis)handled by Equifax. It is a high severity vulnerability where many companies worked day and night to update their Apache Struts installations.
Buy today I discovered one of the Indian Government websites is launched with this critical Apache Struts Remote Code Execution Vulnerability.
I am really out of words to describe how I felt when I saw government agency launching a site with this is critical Vulnerability which was very old and patches are available.
I really cannot understand how a site is launched without proper security audit.
PS: site is not disclosed as the vulnerability is not patched.