Equifax has confirmed that attackers breached its systems by exploiting a flaw in Apache Struts, CVE-2017-5638, that Apache fixed via a March software update. At the time of Equifax’s mid-May breach, however, the credit bureau had not yet upgraded to the newer, patched version of the software. If one of the country’s biggest credit-check bureaus could have been hacked, then numerous other organizations are also likely at risk, security experts say. The potential exploitation of Struts is concerning because numerous sites run open source Apache Strut 2 – a widely used computing platform.”]
Source: https://www.cuinfosecurity.com/unpatched-apache-struts-flaw-to-blame-for-equifax-hack-a-10285