contact us

RiskSense’s Apache Struts Report: How Do These Vulnerabilities Affect Your Organization?

by Mar 16, 2018

RiskSense’s Apache Struts Report: How Do These Vulnerabilities Affect Your Organization?

Last year, an unpatched Apache Struts vulnerability was the foundation of a significant data breach that forced Apache Struts into the spotlight. This vulnerability, CVE-2017-5638, emphasized the impending risks for Apache Struts-based applications.

Although this data breach was revealed to the public near the end of 2017, the vulnerability itself had been disclosed by the vendor and the National Vulnerability Database several months earlier. RiskSense researchers uncovered an applicable exploit for the vulnerability and was able to prioritize this vulnerability for our clients within sixteen days of exploit discovery. Not everyone was so lucky.

RiskSense’s vulnerability prioritization process is supported by weaponization pattern mining and exploitability analysis. This type of pattern analysis allowed us to predict vulnerability exploitability and use this information to prioritize vulnerabilities for remediation.

We presented these findings and observations on vulnerability weaponization and related exploit patterns for Apache Struts vulnerabilities in our Apache Struts Spotlight Report. In this spotlight report, we analyze Apache Struts-related vulnerability weaponization patterns spanning the last decade. We also provide additional insight into exploit patterns and explain how these patterns can define an organization’s risk management strategy.

You can find our Apache Struts Spotlight Report here.

RiskSense Logo

RiskSense®, Inc. provides vulnerability management and remediation prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform delivers Risk-Based Vulnerability Management, Application Security Orchestration and Correlation, in addition to our Vulnerability Knowledge Base.These products bring insight to the wide views of vulnerability risk with adversarial threat-context and ties to ransomware. With Vulnerability Risk Rating, threat analytics, and automated playbooks prioritize actions for critical security weaknesses dramatically improving security and IT efficiency and effectiveness of managing attack surface risk.

Contact us at

+1 505-217-9422

Follow Risksense on LinkedIn Follow Risksense on Twitter

© 2021 RiskSense, Inc. All rights reserved.
Legal Notices, Privacy Policy, and Customer Agreements | Site Map