
Apache Struts

Product
Developers: Apache Software Foundation
Technology: Application development tools

Apache Struts is an open-source framework for building Java EE web applications. The project page is struts.apache.org.

Creation

The framework was created by Craig McClanahan and donated to the Apache Foundation in May 2000. At first it was part of the Apache Jakarta Project and was known as Jakarta Struts. Since 2005 it has been a top-level Apache project.[1]

Features

The framework is based on the Java Servlet API and extends it. Architecturally, it implements (or makes it possible to implement) the MVC pattern (Model-View-Controller: a scheme that separates the application's data, user interface and control logic into three separate components (model, view and controller), so that each component can be modified independently).

Struts supports internationalization, simplifies validation of data received from web forms, and provides a templating mechanism called Tiles which, among other things, allows web pages to be inherited.

2017: Vulnerability led to a data leak of 143 million credit histories

On September 12, 2017 it became known that a breach had taken place in which attackers obtained data on 143 million Americans. The credit bureau Equifax reported it.

As a result of the incident, the attackers gained access to names, Social Security numbers, dates of birth, addresses and, in some cases, driver's license numbers of Americans. Bank card numbers of 209 thousand customers and legal documents of 182 thousand customers were stolen.[2]

According to a report by William Baird & Co., the breach was carried out through a vulnerability in the Apache Struts framework, which is used on the portal that provides online services to consumers. The leak was detected on July 29, 2017. The breach itself took place in mid-May 2017. The attackers could have used the critical vulnerability CVE-2017-9805 or a vulnerability disclosed in March 2017 (CVE-2017-5638). Both allow third-party code to be executed on the server; moreover, if the web application runs in an Apache Tomcat container started with root privileges, a remote attack can yield root access.

According to analysts, a vulnerability that had been present in the framework for nine years could have caused the leak. In the case of Apache Struts, the problem was fixed right after information about its existence emerged (the problem was reported on July 17, 2017, an update with the fix was released on September 5, 2017, and on the same day the researchers who found the problem published details of the vulnerability).

The Apache Software Foundation does not wish to take responsibility for an incident that took place before it knew of the vulnerability in Apache Struts, given that the breach took place in May.

Experts called the data leak at Equifax very serious.

On a scale from 1 to 10 it corresponds to 10 points. It influences the whole credit system of the USA, as nobody can change the information; all use the same data.

The event is a blow to the reputation of a company whose specialists are hired to protect user data. The situation is complicated by the fact that Equifax took no action after its servers were penetrated in May. Theft of customer information continued until the end of July. The reasons for the company's silence about the incident are unknown.

Notes