Apache Struts research at scale, Part 3: Exploitation
During our CVE-2018-11776 research, we created our own proofs-of-concept so they’d work in a variety of configurations at scale (115 versions of Struts).
Posted in Software Security Research
Christopher Fearon
Focusing on delivering maximum security & customer value, Christopher is dedicated to redefining Open Source Software vulnerability disclosure & management processes. Multiple years of experience within large financial and private sector security roles, Christopher has developed both security leadership and expertise in the areas of application security, incident response & strategic research planning, including the adoption and effective implementation of Open Source software.
Posts by Christopher Fearon:
Apache Struts research at scale, Part 2: Execution environments
During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.
Posted in Software Security Research
Apache Struts research at scale, Part 1: Building 115 versions of Struts
When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.
Posted in Software Security Research
Examining Apache Struts remote code execution vulnerabilities
Apache published details of CVE-2017-12611, the fourth critical Apache Struts remote code execution vulnerability in 2017, the day Equifax announced the breach.
Posted in Data Breach Security, Open Source Security, Software Architecture & Design
Apache Struts research at scale, Part 2: Execution environments
During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.
Posted in Software Security Research
Apache Struts research at scale, Part 1: Building 115 versions of Struts
When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.
Posted in Software Security Research
Examining Apache Struts remote code execution vulnerabilities
Apache published details of CVE-2017-12611, the fourth critical Apache Struts remote code execution vulnerability in 2017, the day Equifax announced the breach.
Posted in Data Breach Security, Open Source Security, Software Architecture & Design
