Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
New Research Finds More Struts Vulnerabilities
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
1 Min Read
Apache Struts continues to be a critical piece of software infrastructure for many organizations, and according to new research, it continues to be a deep well of vulnerabilities from which hackers can draw.
In a new report, Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center, writes that the team investigated 115 separate Apache Struts releases and compared them with 57 security advisories covering 64 vulnerabilities. They found 61 additional Struts versions affected by at least one already disclosed vulnerability.
In addition, Mackey points out that an earlier report, the "2019 Open Source Security and Risk Analysis," showed that 43% of commercial software had vulnerabilities at least 10 years old — a reminder, he writes, that knowing about vulnerabilities is of little use if good patching and updating policies aren't followed.
For more, read here.
About the Author(s)
You May Also Like
More Insights
Webinars
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024
Events
