{"id":76124,"date":"2017-07-19T12:56:59","date_gmt":"2017-07-19T19:56:59","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=76124"},"modified":"2025-05-27T20:27:40","modified_gmt":"2025-05-28T03:27:40","slug":"analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/","title":{"rendered":"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution"},"content":{"rendered":"

Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the technique of object-graph navigation language (OGNL) injection. OGNL is an expression language that allows the setting of object properties and execution of various methods of Java classes. OGNL can be used maliciously to perform remote code execution attacks against Apache servers. In this post, we will analyze the recent vulnerability CVE-2017-9791 and offer a debugging example to demonstrate how OGNL attacks work on Apache Struts.<\/p>\n

The vulnerability is present in Struts 2.3.x (prior to Version 2.3.33) with the Struts1 plug-in and Struts1 action classes. In some cases, untrusted input is presented to the user. For this analysis, we will use one of the examples in the Showcase integration app that uses these components.<\/p>\n

Analyzing the patch diff<\/strong><\/h2>\n

The following screen shows part of the patch for the file SaveGangsterAction.java<\/a>, part of integration app, as taken from https:\/\/github.com\/apache\/struts\/commit\/73da12e723c2737bd515946588ddcd898acf584a<\/a>:<\/p>\n

\"\"<\/a><\/p>\n

Taking a closer look at the preceding image, we can see that the argument to the function messages.add has been slightly changed in the patch and \u201cStruts1.gangsterAdded\u201d has been introduced, and is defined in the globalMessages.properties<\/a>:<\/p>\n

\"\"<\/a><\/p>\n

Struts1.gangsterAdded is a key with the value \u201cGangster {0} added successfully.\u201d It will avoid executing the OGNL code, thus fixing the issue, as we will see.<\/p>\n

Debugging the code<\/strong><\/h2>\n

When we open the Struts2 Showcase integration app, we can see that it expects name, age, and other parameters and then displays the value of the \u201cname\u201d field on the confirmation screen:<\/p>\n

\"\"<\/a><\/p>\n

The name will be the vulnerable parameter. This is where we can provide OGNL code to confirm the vulnerability. A simple way to confirm the OGNL vulnerability is to provide a test input as ${1+1} or %{1+1}.<\/p>\n

Upon entering ${1+1} in the name field and setting a breakpoint on the code, we can see that it calls the function action.execute in Struts1Action.java:<\/p>\n

\"\"<\/a><\/p>\n

This step calls the vulnerable code, which creates an action message with the parameters we have provided:<\/p>\n

\"\"<\/a><\/p>\n

Next the code calls the method addMessage in Action.java, which saves the message in \u201crequestMessage\u201d list:<\/p>\n

\"\"<\/a><\/p>\n

Following this step, control returns to Struts1Action.java. Tracing the code further, we can see that the control flow reaches to the function getText method in TextProviderSupport.Java:<\/p>\n

\"\"<\/a>\"\"<\/a><\/p>\n

The code calls the method findText in LocalizeTextUtil.Java. This method is responsible for finding the local message for the key; it also evaluates the OGNL code, as we can see from comments in the code. The key is aTextName, as mentioned in the preceding image:<\/p>\n

\"\"<\/a><\/p>\n

If this method is unable to find a message for the provided key, then it calls the getDefaultMessage method:<\/p>\n

\"\"<\/a><\/p>\n

As we can see in the preceding image, there is a call to the TextParseUtil.translateVariables method, which calls another overloaded method, translateVariables, as follows:<\/p>\n

\"\"<\/a><\/p>\n

As we can see in the following screenshot, the translateVariables method calls the parser.evaluate method from OgnlTextParser.java with the key or message we found in the preceding image, as follows:<\/p>\n

\"\"<\/a><\/p>\n

The Parser.evaluate function is responsible for parsing the OGNL code from the message field. We can see that it checks for either \u201c${\u201c or \u201c%{\u201c strings in the message, creates the variable \u201cvar,\u201d and evaluates it:<\/p>\n

\"\"<\/a><\/p>\n

From the following we can see that after processing the entire message, value of var is 1+1, which is taken from the message \u201cGangster ${1+1} added successfully\u201d:<\/p>\n

\"\"<\/a><\/p>\n

After the call to evaluate the function is made, the message becomes:<\/p>\n

\"\"<\/a><\/p>\n

This means the OGNL code we have entered in the name field has been executed internally and is executing 1+1 = 2. Instead of our test input, an attacker could inject malicious OGNL code to launch a new process or download and execute a malicious file, for example.<\/p>\n

Conclusion<\/strong><\/h2>\n

Many OGNL injection vulnerabilities in Apache Struts have been reported. Attackers can take advantage of these vulnerabilities to easily perform malicious activities because exploiting OGNL injection vulnerabilities are relatively simple compared with other attack vectors.<\/p>\n

We advise users to update their Apache Struts installations to latest version. Customers of McAfee network intrusion prevention systems<\/a> are protected from this attack through signature ID 0x45205f00.<\/p>\n","protected":false},"excerpt":{"rendered":"

Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using…<\/p>\n","protected":false},"author":612,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,4452,3923,4827],"coauthors":[2095],"class_list":["post-76124","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybersecurity","tag-email-and-web-security","tag-vulnerability"],"acf":[],"yoast_head":"\nAnalyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-19T19:56:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T03:27:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1839\" \/>\n\t<meta property=\"og:image:height\" content=\"502\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Hardik Shah\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hardik05\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hardik Shah\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/\"},\"author\":{\"name\":\"Hardik Shah\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342\"},\"headline\":\"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution\",\"datePublished\":\"2017-07-19T19:56:59+00:00\",\"dateModified\":\"2025-05-28T03:27:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/\"},\"wordCount\":712,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png\",\"keywords\":[\"computer security\",\"cybersecurity\",\"email and web security\",\"vulnerability\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/\",\"name\":\"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png\",\"datePublished\":\"2017-07-19T19:56:59+00:00\",\"dateModified\":\"2025-05-28T03:27:40+00:00\",\"description\":\"Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342\",\"name\":\"Hardik Shah\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/b151596c8b1a8dc9b25ec3b19ccfd8c0\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g\",\"caption\":\"Hardik Shah\"},\"description\":\"Hardik Shah, a Senior Research Engineer in McAfee Labs, is an experienced security researcher and technology evangelist. He has extensive experience with exploits, malware analysis, and various IPS engines. Shah enjoys figuring out ways to protect customers from the latest threats. Prior to McAfee, he worked with the IPS research team at Symantec. You can follow him on twitter at @hardik05\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/hardik05\/\",\"https:\/\/x.com\/hardik05\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/hardik-shah\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution | McAfee Blog","description":"Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution | McAfee Blog","og_description":"Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-07-19T19:56:59+00:00","article_modified_time":"2025-05-28T03:27:40+00:00","og_image":[{"width":1839,"height":502,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png","type":"image\/png"}],"author":"Hardik Shah","twitter_card":"summary_large_image","twitter_creator":"@hardik05","twitter_site":"@McAfee","twitter_misc":{"Written by":"Hardik Shah","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/"},"author":{"name":"Hardik Shah","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342"},"headline":"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution","datePublished":"2017-07-19T19:56:59+00:00","dateModified":"2025-05-28T03:27:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/"},"wordCount":712,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png","keywords":["computer security","cybersecurity","email and web security","vulnerability"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/","name":"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png","datePublished":"2017-07-19T19:56:59+00:00","dateModified":"2025-05-28T03:27:40+00:00","description":"Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170718-Struts-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342","name":"Hardik Shah","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/b151596c8b1a8dc9b25ec3b19ccfd8c0","url":"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g","caption":"Hardik Shah"},"description":"Hardik Shah, a Senior Research Engineer in McAfee Labs, is an experienced security researcher and technology evangelist. He has extensive experience with exploits, malware analysis, and various IPS engines. Shah enjoys figuring out ways to protect customers from the latest threats. Prior to McAfee, he worked with the IPS research team at Symantec. You can follow him on twitter at @hardik05","sameAs":["https:\/\/www.linkedin.com\/in\/hardik05\/","https:\/\/x.com\/hardik05"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/hardik-shah\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/76124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/612"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=76124"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/76124\/revisions"}],"predecessor-version":[{"id":214503,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/76124\/revisions\/214503"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=76124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=76124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=76124"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=76124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}