Reply to post:

Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

Sykowasp

I'm going to guess that patching Struts on hundreds of internal applications was decided to be too difficult in a short time.

So they patched their external-facing routers/firewalls to remove #cmd=xyz strings from HTTP headers.

And it went wrong or wasn't applied everywhere; regardless, the attacker found a way past this to an affected server.
