Apache Struts Summoned For Issuing Misleading Security Advisories

Apache Struts Summoned For Issuing Misleading Security Advisories

Updated On:

Apache Struts, a pioneering open source project has been set ablaze for issuing misleading security advisories that may have placed unnecessary danger to users of its software.

Security vendor Synopsys analyzed 115 separate releases for popular web application framework Apache Struts and matched them up against the relevant advisories from the open source project.

new_releases

iPhone XI COLORS Leak: We Never Seen Two New Color Shades From Apple Before

In total, 24 of the 57 Apache Struts security advisories – nearly half – made mistakes when listing the versions of the framework that were impacted by vulnerabilities.

In fact, 61 additional versions of Struts were impacted by at least one previously disclosed vulnerability, potentially exposing users to attack.

In fact, 61 additional versions of Apache Struts were impacted by at least one previously disclosed vulnerability, potentially exposing users to attack.

While our findings included the identification of versions that were falsely reported as impacted in the original disclosure, the real risk for consumers of a component is when a vulnerable version is missing in the original assessment,” Synopsys argued.

Given that development teams often cache ‘known good’ versions of components in an effort to ensure error-free compilation, under-reporting of impacted versions can have a lasting impact on overall product security.

On the plus side, the Apache Software Foundation and Apache Struts team were praised for their “diligence” in collaborating with Synopsys on fixing the mistakes. An updated Apache Struts Security Advisories page was published earlier this week.

new_releases

Project Soli, Remastered: How Radar-Detected Gestures Might Differ Pixel 4

Apache Struts will be known to many as the web app framework which Equifax failed to patch back in 2017, leading to a major breach of personal and financial information on more than half of all Americans and millions of United Kingdom consumers.

That incident of issuing misleading security advisories already has cost the credit agency in excess of $1BN, as well as the jobs of the CEO and other senior executives.

, , , , , , , , , , , , ,
Previous Post
The Divergence Between Intelligence, Data And Information
Next Post
Facebook Includes Instagram To Bug Bounty Program For Data Abuse

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed

Menu

Pin It on Pinterest