Hackers are exploiting a critical remote code execution vulnerability in Apache Struts 2, tracked as CVE-2017-9805, that was patched a few days ago. At least 65 percent of Fortune 100 companies use Struts and they could all be exposed to remote attacks due to this vulnerability. Experts warn that the Struts REST communication plugin fails to handle XML payloads while deserializing them. The vulnerability is related to the way Struts deserializes untrusted data, it affects all versions of Apache Strut since 2008.”]
Source: https://securityaffairs.co/wordpress/62865/hacking/cve-2017-9805-struts-flaw.html