A zero-day vulnerability in Apache Struts web application framework is being actively exploited in the wild. Cisco’s Threat intelligence firm Talos announced the team observed a number of active attacks against the vulnerability (CVE-2017-5638) The issue is a remote code execution vulnerability in the Jakarta Multipart Parser. The vulnerability, documented at Rapid7’s Metasploit Framework GitHub site, has been patched by Apache. The researchers urge administrators to upgrade their systems to version 2.3.32 or 2.5.10.1.
Source: https://thehackernews.com/2017/03/apache-struts-framework.html