Forest Hill, MD, Sept. 14, 2017 --
Who: Apache® Struts™ is a popular Open Source framework for creating enterprise-grade Java Web applications. Apache Struts powers front- and back-end applications and Internet of Things (IoT) devices for many of the world's most visible financial institutions, government organizations, technology service providers, telecommunications agencies, and Fortune 100 companies.
Apache Struts is an Apache Software Foundation Top-Level Project (since 2004) and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases.
What: On 7 September 2017, credit reporting agency Equifax announced a data breach affecting 143 million consumers. https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628
Following this announcement, additional claims stated that the breach was caused by CVE-2017-9805, an exploit in Apache Struts that was disclosed on 4 September 2017. https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/
On 9 September 2017, the Apache Struts PMC issued a statement on the Equifax data breach that included details on its response process to reported vulnerabilities and also provided recommended security guidelines. https://s.apache.org/8thB
On 13 September 2017, Equifax issued a statement confirming that "The vulnerability was Apache Struts CVE-2017-5638". https://www.equifaxsecurity2017.com/
This vulnerability was patched on 7 March 2017, the same day it was announced. https://cwiki.apache.org/confluence/display/WW/S2-045
In conclusion, the Equifax data compromise was due to their failure to install the provided security updates in a timely manner.
When: Apache Struts CVE-2017-5638 was originally reported on 7 March 2017.
Where: For downloads, documentation (including security guide and bulletins), and how to become involved with Apache Struts, visit http://struts.apache.org/ and https://twitter.com/TheApacheStruts
About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server -- the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 650 individual Members and 6,200 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Alibaba Cloud Computing, ARM, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Facebook, Google, Hortonworks, HP, Huawei, IBM, Inspur, iSigma, LeaseWeb, Microsoft, ODPi, PhoenixNAP, Pivotal, Private Internet Access, Red Hat, Serenata Flowers, Target, WANdisco, and Yahoo. For more information, visit http://apache.org/ and https://twitter.com/TheASF
# # #
© The Apache Software Foundation. "Apache", "Struts", "Apache Struts", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.
Sally Khudairi Vice President The Apache Software Foundation +1 617 921 8656 [email protected]





