apache-struts
Safeguard articles tagged "apache-struts" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Apache Struts and the recurring pattern of path-traversal and RCE bugs
Equifax lost data on 147 million people to one unpatched Struts CVE in 2017 — and the same class of bug resurfaced in Struts as recently as December 2023.
Apache Struts (CVE-2017-5638) Explained: The OGNL Header That Breached Equifax
CVE-2017-5638 let attackers run commands on Apache Struts 2 servers through a crafted Content-Type header. It is the unpatched flaw behind the Equifax breach. Here is the OGNL mechanism.
Apache Struts remote code execution CVE history
A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.
Apache Struts2 RCE behind the Equifax breach (CVE-2017-5638)
CVE-2017-5638, the Apache Struts2 RCE behind the Equifax breach, exposed 147.9M records. Here's the flaw, timeline, and how to remediate it.
Apache Struts CVE-2024-53677: The Path Traversal RCE
CVE-2024-53677 lets attackers abuse Struts file upload parameter pollution to plant webshells. Here is the chain, detection logic, and patch guidance.
CVE-2019-0230: OGNL remote code execution in Apache Struts2
CVE-2019-0230 lets attackers chain forced double OGNL evaluation in Struts2 tag attributes into remote code execution. Here's what's affected, the CVSS/EPSS context, and how to remediate it.
Apache Struts CVE-2023-50164: Critical File Upload RCE Echoes Equifax-Era Nightmares
A critical path traversal vulnerability in Apache Struts allowed RCE through file upload manipulation. The disclosure triggered flashbacks to the 2017 Equifax breach caused by a similar Struts flaw.
Equifax: The Supply Chain Angle Few Talked About
The 2017 Equifax breach is a case study in Apache Struts, inherited dependencies, and a vulnerability management process that mistook lists for action.