The Exploit code for the recently discovered Critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2 was published on GitHub, experts fear massive attacks. Experts warn that it is possible to trigger the RCE flaw when namespace value isnt set for a result defined in underlying XML configurations and at the same time, its upper action(s) configurations have no or wildcard namespace. The lack of proper validation for that parameter is the root of the problem. The vulnerability affects commonly-used endpoints of the popular Java framework.”]
Source: https://securityaffairs.co/wordpress/75699/hacking/cve-2018-11776-struts-flaw-attacks.html