A zero-day vulnerability in Apache Struts 2, a web application development framework, was discovered in early January. The flaw could allow an attacker to craft a malicious Content-Type value within an HTTP request, which would cause the software to throw an exception. Security experts expect the flaw to be widely exploited. Airlines, car rental firms, e-commerce shops, social networks and government agencies are among the many types of organizations that use Struts. The problem, CVE-2017-5638, exists in a feature called the Jakarta Multipart Parser, which is used to upload files.
Source: https://www.bankinfosecurity.com/canadian-agency-narrowly-avoids-breach-from-zero-day-a-9768
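
A defender-side check for the header the article describes, added here as an example (not code from the article or from Apache Struts): it validates each Content-Type value against the RFC 7231 media-type grammar and an allowlist, and flags logged requests that fail. The allowlist, length limit, log layout and sample lines are assumptions constructed for illustration.

```python
import re

# RFC 7230 "token" characters; braces, parentheses and quotes are not tokens.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\\x00-\x1f\x7f]|\\[\x20-\x7e])*"'
PARAM = rf"[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED})"
MEDIA_TYPE = re.compile(rf"({TOKEN})/({TOKEN})(?:{PARAM})*[ \t]*")

# Assumption: the media types this application legitimately accepts.
ALLOWED = {"multipart/form-data", "application/x-www-form-urlencoded"}
MAX_LEN = 256  # assumption: generous upper bound for a real Content-Type


def check_content_type(value):
    """Return (ok, detail) for one Content-Type header value."""
    if len(value) > MAX_LEN:
        return False, "header too long"
    m = MEDIA_TYPE.fullmatch(value.strip())
    if m is None:
        return False, "not a well-formed media type"
    media_type = f"{m.group(1)}/{m.group(2)}".lower()
    if media_type not in ALLOWED:
        return False, "media type not in allowlist"
    return True, media_type


# Constructed sample log: timestamp, client, request, Content-Type (tab-separated).
SAMPLE_LOG = [
    "2017-01-01T10:00:01Z\t192.0.2.10\tPOST /upload.action\tmultipart/form-data; boundary=----abc123",
    "2017-01-01T10:00:02Z\t198.51.100.7\tPOST /upload.action\t%{constructed-placeholder}.multipart/form-data",
    "2017-01-01T10:00:03Z\t192.0.2.11\tPOST /login.action\tapplication/x-www-form-urlencoded",
    "2017-01-01T10:00:04Z\t198.51.100.8\tPOST /upload.action\tapplication/octet-stream",
]


def flag_requests(lines):
    """Return (client, request, reason) for every line that fails the check."""
    flagged = []
    for line in lines:
        _ts, client, request, ctype = line.split("\t", 3)
        ok, detail = check_content_type(ctype)
        if not ok:
            flagged.append((client, request, detail))
    return flagged


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

The same check can run at a reverse proxy or request filter in front of the upload endpoint, so malformed values are rejected before they reach the multipart parser.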