Home / Expert Answers / Computer Science / 34-equifax-has-been-intensely-investigating-the-scope-of-the-intrusion-with-the-assistance-of-a-lead-pa650

(Solved): "Equifax has been intensely investigating the scope of the intrusion with the assistance of a leadin ...



"Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted," company officials wrote in an update posted online. "We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement." FURTHER READING Critical vulnerability under “massive” attack imperils high-impact sites [Updated] The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on Web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available. Thursday's disclosure strongly suggests that Equifax failed to update its Web applications, despite demonstrable proof that the bug gave real-world attackers an easy way to take control of sensitive sites. An Equifax representative didn't immediately respond to an e-mail seeking comment on this possibilit As Ars warned in March, patching the security hole was labor intensive and difficult, in part because it involved downloading an updated version of Struts and then using it to rebuild all apps that used older, buggy Struts versions. Some websites may depend on dozens or even hundreds of such apps, which may be scattered across dozens of servers on multiple continents. Once rebuilt, the apps must be extensively tested before going into production to ensure they don't break key functions on the site. Equifax's update confirms a report published last week by a firm called Baird Equity Research. It provided no source for the claim that Equifax was breached through an unidentified Apache Struts vulnerability. Two days later, the Apache Software Foundation issued a statement saying it didn't know one way or the other if a Struts vulnerability was involved. CVE-2017-5638 is separate from CVE-2017-9805, an Apache Struts vulnerability that was patched last week. Apache Struts is a framework for developing Java-based apps that run both front-end and back-end Web servers. It is relied on heavily by banks, government agencies, large Internet companies, and Fortune 500 companies. Experian, one of the three big credit reporting services, and annualcreditreport.com, which provides free credit reports, both reportedly rely on Apache Struts as well. Up to now, Equifax has said only that criminals exploited an unspecified application vulnerability on its US site to gain access to certain files. Now, we know that the flaw was in Apache Struts and had been fixed months before the breach occurred. What is the CVE of this particular vulnerability? Who discovered it? What are the CVSS score of the vulnerability? Has a patch been released? If so, when? Has the vulnerability been exploited? How easily available is the exploit? What is the effect of successful exploitation?



We have an Answer from Expert

View Expert Answer

Expert Answer


We have an Answer from Expert

Buy This Answer $5

Place Order

We Provide Services Across The Globe