Apache Struts Remote Code Execution Vulnerability was discovered couple of years ago and it was used to breach high profile companies like Equifax. It was in news for quite a while for how the breach was (mis)handled by Equifax. It is a high severity vulnerability where many companies worked day and night to update their Apache Struts installations.
Buy today I discovered one of the Indian Government websites is launched with this critical Apache Struts Remote Code Execution Vulnerability.
I am really out of words to describe how I felt when I saw government agency launching a site with this is critical Vulnerability which was very old and patches are available.
I really cannot understand how a site is launched without proper security audit.
PS: site is not disclosed as the vulnerability is not patched.
Comments