Equifax Blames Breach on Apache Struts Flaw
Infosecurity Magazine | September 14, 2017
The vulnerability allows remote attackers to execute arbitrary commands via a string in a crafted Content-Type HTTP header, and was patched in March 2017. In an updated statement on its Equifax Security website, it said that it has been “intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted” and the firm determined that the attackers exploited the website application vulnerability.