WHY STUDENT PREFER US?  
4.9/5

5 Star Rating

93940

Orders Deliver

3949

PhD Experts

24x7

Support

100%

Privacy

100%

Top Quality

Sample Details

Common Vulnerability Exposures

Number Of View : 106

Download : 0

Pages: 3

Words : 592

Question :

 

Question to answer: Based on your existing knowledge and the CVE unit resources, what do you think these code examples are trying to accomplish? What is the flaw in Apache Struts that is allowing these exploits to work? 

Question to answer: You are on the team tasked with fixing this Struts error for your organization. What sort of information do you need to gather before creating your plan of action? What can go wrong if you don’t have all the information gathered?

Question to answer: How angry are you at Equifax for allowing this vulnerability to remain unpatched for so long? Why do you think the patching was delayed? What would you have done differently?

 

Answer :

 

CVE stands for Common Vulnerabilities and Exposures. It works as the free dictionary toidentify vulnerabilities in software and firmware for the improvement of the security of the organization. 

 

Explanation of the code out of the CVE

Apache struts are the framework of an open-source, free, MVC structure that enables in craftinganup-to-date Java web application. The code of CVE 2017-5638 is vulnerable and remote code execution which helps the attackers to attack. This code affects the Apache struts through Jakarta Multipart parser(Cogswell, Greenan& Greyson, 2018). Apache Struts remote code execution with 2.3.5<2.3.31/2.5<2.5.10 of the Jakarta Multipart parser promotes the file uploading misuse. Then it permits the attackers to perform the function through a command #cmd= string for the crafted Content-Type HTTP header. 

 

Flaws in Apache Struts

There is vulnerability in the open-source web application for modern Java web applicationframework Apache Struts. The vulnerabilities cause with the meeting of the conditions such as – 

When the Struts configuration is going to be set SelectFullNamespace has to be always set.

When the Struts configuration file has the tag <action..> it does not mean to denote the non-compulsory attribution of namespace or wildcard namespace.

 

Fixing the Struts error

For fixing this configuration error for the organization up-gradation of Apache Struts version is required in the version of 2.3.35 or 2.5.17. it will help to fix the current vulnerability and every time the users should verify the settings of "namespace" (Nakagawa et al., 2019). The user should not forget to set the current action for the URL tags in the JPS either the condition where it requires having the upper action configuration without or wildcard namespace. 

The organization needs to collect information for the creation of the plan. The organization requires knowing the version of the Apache Struts framework is being used in the company currently.

 

Patching delay 

The delay in patching has made me angry as Equifax uses trusted unique data being a global information solution company. Patching delay and unfixing the error of the Apache Struts code can lead to the vulnerability attack on the company information (Cogswell, Greenan& Greyson, 2018). In order to take steps I have put a fraud alert on credit report besides looking on bank account and credit card statements.Because patching is a time consuming process to implement in the organization and it has to done manually so the authorities of the company has delayed in patching. Alternative tothe Equifax patching can be made through schedule a window, by downloading patches. The virtual server can be implement and by the verification of installed patches. Also it need to follow up regularly. 

 

References:

Cogswell, A., Greenan, B. J., & Greyson, P. (2018). Evaluation of two common vulnerability index calculation methods. Ocean & Coastal Management, 160, 46-51.

Nakagawa, S., Nagai, T., Kanehara, H., Furumoto, K., Takita, M., Shiraishi, Y., ...&Morii, M. (2019). Character-Level Convolutional Neural Network for Predicting Severity of Software Vulnerability from Vulnerability Description. IEICE Transactions on Information and Systems, 102(9), 1679-1682.

 

Place Order For A Top Grade Assignment Now

We have some amazing discount offers running for the students

Order Now

Get Help Instantly

    FREE FEATURES

    Limitless Amendments

    $09.50 free

    Bibliography

    $10.50 free

    Outline

    $05.00 free

    Title page

    $07.50 free

    Formatting

    $07.50 free

    Plagiarism Report

    $10.00 free

    Get all these features for $50.00

    free

    Latest Blog Boost your grades with expert tips and tricks from our academic blog.

    Learn How to Write an Argumentative Essay Outline

    Have you been asked to write an argumentative essay by your instructor? If yes, then before you begin writing an argumentative essay, first select a good […]

    90 Outstanding Literary Research Topics and Ideas

    Are you seeking compelling literary research topics? No matter whether you are creating a master’s thesis or writing a college essay, the topic you choose […]

    10 Best Essay Writing Apps for Students [2024]

    If you are a student, then during your scholastic life you will be required to write many types of essay assignments. Since essay writing involves […]

    View More Blogs

    Let's Talk

    Enter your email, and we shall get back to you in an hour.