http://www.zdnet.com/article/equifax-confirms-apache-struts-flaw-it-failed-to-patch-was-to-blame-for-data-breach/
>143 million names, addresses, SSNs, DOBs compromised
>due to a Java web app framework vuln with an OGNL parser allowing arbitrary command execution (CVE-2017-5638)
When will Java web apps die?
>inb4thiswaseasilypatchable
https://arstechnica.com/information-technology/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/?comments=1&post=32957185
>When will Java web apps die?
This wouldn't have happened if they had used just the core Java API.
What's the point of OGNL again?