Volexity has observed the first malicious campaign targeting the vulnerability just after the PoC was published online. Experts warn that the vulnerability is easier to exploit compared to the Equifax hack. The vulnerability is trivial to exploit, it is possible to trigger the RCE flaw when a result isnt set for a result defined in underlying XML configurations and at the same time, its upper action(s) configurations have no or wildcard names. There is an intense activity related to the Struts flaw in a number of Chinese and Russian underground forums.”]
Source: https://securityaffairs.co/wordpress/75724/hacking/cve-2018-11776-attacks.html