Washington Post Publisher Will Lewis Steps Down After Layoffs 
Nvidia, ByteDance, and the U.S.-China AI Chip Standoff Over H200 Exports 
Nasdaq Proposes Fast-Track Rule to Accelerate Index Inclusion for Major New Listings 
Baidu Approves $5 Billion Share Buyback and Plans First-Ever Dividend in 2026 
Prudential Financial Reports Higher Q4 Profit on Strong Underwriting and Investment Gains 
Nvidia CEO Jensen Huang Says AI Investment Boom Is Just Beginning as NVDA Shares Surge 
Trump Backs Nexstar–Tegna Merger Amid Shifting U.S. Media Landscape 
SpaceX Prioritizes Moon Mission Before Mars as Starship Development Accelerates 
Rio Tinto Shares Hit Record High After Ending Glencore Merger Talks 
Missouri Judge Dismisses Lawsuit Challenging Starbucks’ Diversity and Inclusion Policies 
Weight-Loss Drug Ads Take Over the Super Bowl as Pharma Embraces Direct-to-Consumer Marketing 
Uber Ordered to Pay $8.5 Million in Bellwether Sexual Assault Lawsuit 
OpenAI Expands Enterprise AI Strategy With Major Hiring Push Ahead of New Business Offering 
Amazon Stock Rebounds After Earnings as $200B Capex Plan Sparks AI Spending Debate 
SoftBank Shares Slide After Arm Earnings Miss Fuels Tech Stock Sell-Off 
Global PC Makers Eye Chinese Memory Chip Suppliers Amid Ongoing Supply Crunch 
FDA Targets Hims & Hers Over $49 Weight-Loss Pill, Raising Legal and Safety Concerns 
Forest Hill, MD, Sept. 14, 2017 --
Who: Apache® Struts™ is a popular Open Source framework for creating enterprise-grade Java Web applications. Apache Struts powers front- and back-end applications and Internet of Things (IoT) devices for many of the world's most visible financial institutions, government organizations, technology service providers, telecommunications agencies, and Fortune 100 companies.
Apache Struts is an Apache Software Foundation Top-Level Project (since 2004) and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases.
What: On 7 September 2017, credit reporting agency Equifax announced a data breach affecting 143 million consumers. https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628
Following this announcement, additional claims stated that the breach was caused by CVE-2017-9805, an exploit in Apache Struts that was disclosed on 4 September 2017. https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/
On 9 September 2017, the Apache Struts PMC issued a statement on the Equifax data breach that included details on its response process to reported vulnerabilities and also provided recommended security guidelines. https://s.apache.org/8thB
On 13 September 2017, Equifax issued a statement confirming that "The vulnerability was Apache Struts CVE-2017-5638". https://www.equifaxsecurity2017.com/
This vulnerability was patched on 7 March 2017, the same day it was announced. https://cwiki.apache.org/confluence/display/WW/S2-045
In conclusion, the Equifax data compromise was due to their failure to install the security updates provided in a timely manner.
When: Apache Struts CVE-2017-5638 was originally reported on 7 March 2017.
Where: For downloads, documentation (including security guide and bulletins), and how to become involved with Apache Struts, visit http://struts.apache.org/and https://twitter.com/TheApacheStruts
About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 650 individual Members and 6,200 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Alibaba Cloud Computing, ARM, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Facebook, Google, Hortonworks, HP, Huawei, IBM, Inspur, iSigma, LeaseWeb, Microsoft, ODPi, PhoenixNAP, Pivotal, Private Internet Access, Red Hat, Serenata Flowers, Target, WANdisco, and Yahoo. For more information, visit http://apache.org/ and https://twitter.com/TheASF
# # #
© The Apache Software Foundation. "Apache", "Struts", "Apache Struts", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.
Sally Khudairi Vice President The Apache Software Foundation +1 617 921 8656 [email protected]
