Skip Navigation

Unraveling the Struts2 security vulnerability: A deep dive

By Aaron Linskens on December 21, 2023 security vulnerabilities

6 minute read time

Learn about the critical security vulnerability in Apache Struts2 from a Sonatype webinar covering CVE-2023-50164 with a risk of remote code execution
Read More...

Struts2 CVE-2023-50164 by the numbers

By Ilkka Turunen on December 19, 2023 vulnerability disclosure

5 minute read time

Struts2 security vulnerability is not like Log4j, but it is similar to historic breaches and has the potential for disaster if not addressed properly.
Read More...

Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

By April Downey on May 28, 2020 vulnerabilities

3 minute read time

DHS CISA lists Apache Struts as a top vulnerability. Yet, evidence shows it is still being downloaded - on average, by 10,000 organizations a month.
Read More...

Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 vulnerabilities

2 minute read time

Karpovich reflected on findings from the House report that the breach at Equifax was 100% preventable -- as the vulnerability at the root of the breach was one.
Read More...

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 devsecops

3 minute read time

Equifax is not alone. In the last decade, there have been hundreds, if not thousands, of companies have suffered the exact same, easily preventable, mistake.
Read More...

How to Keep Vulnerable Versions of Struts Out of Your Nexus Repository

By Christopher Tolo on August 24, 2018 Nexus Lifecycle

3 minute read time

Use Nexus Lifecycle Continuous Monitoring and Nexus Firewall to keep vulnerable versions of Apache Struts out of your software supply chain.
Read More...

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle

2 minute read time

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018.
Read More...

I Am A Serial Cryptominer: An Open Letter to Software Developers

By Hack Overflow on June 14, 2018 Devops

5 minute read time

An open letter to the DevOps community from a cryptocurrency miner.
Read More...

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

2 minute read time

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach
Read More...