Security researchers have discovered a critical remote code execution vulnerability in Apache Struts web application framework. The vulnerability (CVE-2017-9805) resides in the way Struts processes data from an untrusted source. Struts is a free, open-source, Model-View-Controller (MVC) framework for developing web applications in the Java programming language. The framework is being used by “an incredibly large number and variety of organisations,” including Lockheed Martin, Vodafone, Virgin Atlantic, and the IRS.
Source: https://thehackernews.com/2017/09/apache-struts-vulnerability.html