Apache Software Foundation
Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)
Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes ...
The Hacker vs. Struts 2 Game – It Appears it has No Ending
If you’re active in the cybersecurity industry, you have likely heard the buzz about Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on ...
Apache Struts, RCEs, and the Equifax Breach Anniversary
We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time ...
Experts Urge Rapid Patching of ‘Struts’ Bug
In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw -- in a Web component known as Apache Struts -- led to ...
