Safeguard
Tag

apache-struts

Safeguard articles tagged "apache-struts" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Application Security

Apache Struts and the recurring pattern of path-traversal and RCE bugs

Equifax lost data on 147 million people to one unpatched Struts CVE in 2017 — and the same class of bug resurfaced in Struts as recently as December 2023.

Jul 7, 20266 min read
Vulnerability Analysis

Apache Struts (CVE-2017-5638) Explained: The OGNL Header That Breached Equifax

CVE-2017-5638 let attackers run commands on Apache Struts 2 servers through a crafted Content-Type header. It is the unpatched flaw behind the Equifax breach. Here is the OGNL mechanism.

Jul 2, 20265 min read
Vulnerability Analysis

Apache Struts remote code execution CVE history

A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.

May 4, 20267 min read
Vulnerability Analysis

Apache Struts2 RCE behind the Equifax breach (CVE-2017-5638)

CVE-2017-5638, the Apache Struts2 RCE behind the Equifax breach, exposed 147.9M records. Here's the flaw, timeline, and how to remediate it.

Jan 19, 20267 min read
Vulnerability Analysis

Apache Struts CVE-2024-53677: The Path Traversal RCE

CVE-2024-53677 lets attackers abuse Struts file upload parameter pollution to plant webshells. Here is the chain, detection logic, and patch guidance.

Jan 5, 20267 min read
Vulnerability Analysis

CVE-2019-0230: OGNL remote code execution in Apache Struts2

CVE-2019-0230 lets attackers chain forced double OGNL evaluation in Struts2 tag attributes into remote code execution. Here's what's affected, the CVSS/EPSS context, and how to remediate it.

Oct 1, 20258 min read
Vulnerability Analysis

Apache Struts CVE-2023-50164: Critical File Upload RCE Echoes Equifax-Era Nightmares

A critical path traversal vulnerability in Apache Struts allowed RCE through file upload manipulation. The disclosure triggered flashbacks to the 2017 Equifax breach caused by a similar Struts flaw.

Dec 7, 20236 min read
Incident Analysis

Equifax: The Supply Chain Angle Few Talked About

The 2017 Equifax breach is a case study in Apache Struts, inherited dependencies, and a vulnerability management process that mistook lists for action.

Sep 15, 20177 min read
apache-struts — Safeguard Blog