China Life website exposes "old loophole" 1 years ago

A few days ago, the world's largest vulnerability response platform-the patch-response platform (butian.360.cn) disclosed a Chinese longevity website struts2 loophole. This vulnerability, though urgently repaired, has once again sparked concern in the industry over the slow fixes. November 30, white hat "handsome Lingyun" through the patch-day vulnerability response platform to the China Life Insurance website submitted a struts2 security loophole; December 10, Chinese longevity officials said the flaw had been repaired and paid a corresponding reward for the white hat that submitted the loophole. It is understood that the Struts2 loophole was discovered in July 2013. The vulnerability could enable hackers to remotely invade Web servers for data theft or DDoS attacks, and 360 of other security vendors issued timely alerts and protection methods. However, according to the statistical data of the patch response platform, many companies have not been repaired, and there are still a large number of websites. Figure: A number of enterprises still exist Struts2 Vulnerability Patch Response platform responsible, 360 site security director Zhao revealed that many sites lack of professional security team operation, the security company's vulnerability warning delayed repair, resulting in many web sites become hackers control of the "broiler." According to the "2013 China Web site Report" shows that due to the lack of a patch of the push mechanism, resulting in the domestic web site vulnerabilities average repair cycle up to 71 days. In order to solve the problem of the site vulnerability repair, 360 launched the host Guardian product (webscan.360.cn/guard/index.html). It can quickly find back doors and vulnerabilities, automatic patching of Web site systems, quick repair site vulnerabilities. In order to further enhance the security of the website, 360 host Guardian recently released the "China Web site security anti-Black alliance version." In addition to having the function of automatically patching to the website, this version also has the protection against the web loophole attack, eliminates the ARP virus and hangs the horse, effectively protects the cloud host and the server security. Patch-Day Vulnerability Response Platform (butian.360.cn) is a professional platform to connect enterprises and white hats, through the help of enterprises to establish SRC, enterprises to find the most rapid loopholes, white hat to obtain the fastest return, the maximum degree of protection of enterprise network security, so as to maximize the protection of enterprise network security.