Apache Struts Remote Code Execution Vulnerability on one of the Indian Government sites

The Apache Struts Remote Code Execution Vulnerability was discovered a couple of years ago, and it was used to breach high-profile companies like Equifax. It was in the news for quite a while because of how the breach was (mis)handled by Equifax. It is a high-severity vulnerability, and many companies worked day and night to update their Apache Struts installations.

But today I discovered that one of the Indian Government websites has been launched with this critical Apache Struts Remote Code Execution Vulnerability.

I am really out of words to describe how I felt when I saw a government agency launching a site with this critical vulnerability, which is very old and for which patches are available.

I really cannot understand how a site is launched without a proper security audit.

PS: The site is not disclosed, as the vulnerability is not patched.
