Equifax divulged on Wednesday that the culprit behind this summer's breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March. The bug was widely assumed by experts to be the U.S. website application vulnerability implicated by the company last Thursday. An Apache spokeswoman told Reuters on Friday that it appeared the consumer credit reporting agency hadn't applied patches for flaws discovered earlier this year. The vulnerability, a flaw in the Jakarta Multipart parser upload function in Apache, allowed an attacker to make a maliciously crafted request to an Apache webserver.
Source: https://threatpost.com/equifax-confirms-march-struts-vulnerability-behind-breach/127975/