
Equifax confirms Apache Struts security flaw  is to blame - jasondc
http://www.zdnet.com/article/equifax-confirms-apache-struts-flaw-it-failed-to-patch-was-to-blame-for-data-breach/?loc=newsletter_large_thumb_featured&ftag=TRE-03-10aaa6b&bhid=27758502198945889589706697544131
======
warrenm
Sounds like they weren't paying attention to CVEs

Since it came out a couple months before the breach

~~~
warrenm
heck - just needed to read one more paragraph down:

> "The cited Apache Struts flaw dates back to March, according to a public
> vulnerability disclosure. Patches were released for the vulnerability,
> suggesting that Equifax did not install the security updates."

