Talos has observed a new Apache vulnerability that is being actively exploited in the wild. The vulnerability (CVE-2017-5638) is a remote code execution bug that affects the Jakarta Multipart parser in Apache Struts. The majority of the exploitation attempts seem to be leveraging a publicly released PoC. The payloads being delivered vary considerably and to their credit many of the sites have already been taken down and the payloads are no longer available. Talos recommends immediate upgrading if possible or following the work around referenced in this security advisory.”]
Source: https://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html