A zero-day vulnerability in Apache Struts 2, a web application development framework, was discovered in March. The software is used for building and maintaining Java web applications. The flaw could allow an attacker to craft a malicious Content-Type value within an HTTP request, which would cause the software to throw an exception. The problem, CVE-2017-5638, exists in a Struts feature called the Jakarta Multipart Parser, which is used to upload files. No authentication credentials are required to launch the attack, and attackers might be abusing it.”]
Source: https://www.inforisktoday.com/canadian-agency-narrowly-avoids-breach-from-zero-day-flaw-a-9768