Update: 2:33 pm EST, 16 March 2017 - Struts2 Exploits in Japan
- Japan Post breach using Apache Struts2 vulnerability leads to 29,000 account leaks: http://exci.to/2mqMAwU
- Struts2 exploit of Okinawa electric power site leads to unauthorized access and the leak of email addresses for about 6,500 accounts: http://dlvr.it/Ndv4XY
- Hacker Exploits Apache Struts2 Vulnerability in Statistics Canada Site http://bit.ly/2njlDiX via @Motherboard http://metacurity.com/#298562
- Canada Revenue Agency breach covered here: http://securityaffairs.co/wordpress/57130/hacking/cra-apache-struts-hack.html
Update: 11:00am EST, 16 March 2017 - Podcast interview
Listen to Brian Fox and Shannon Lietz talk about the Struts 2 vulnerability announcement, how you can determine if you're affected, and what you can do about it.
Update: 9:00am EST, 13 March 2017 - Video explaining exploits and remediation
Update: 3:00pm EST, 10 March 2017 - Speed Matters
When it comes to 0-day vulnerabilities, speed matters. Sonatype's research team curates our data and publishes information on the vulnerability, known exploits, and remediation paths as quickly as possible.
As of 3:00pm EST, the National Vulnerability Database indicates a pending CVE, but details have not yet been updated.