Security researchers have discovered a PoC exploit code available online that can be used to trigger unpatched security flaws in Apache Struts 2. The vulnerability is classified as remote code-execution and denial-of-service issues. Both vulnerabilities were addressed by the Apache team in November 2019. Unpatched installs could allow attackers to carry out malicious activities. In 2017, the credit reporting agency Equifax suffered a massive data breach, attackers exploited the CVE-2017-5638 Apache Strut vulnerability.”]
Source: https://securityaffairs.co/wordpress/107173/hacking/poc-code-exploit-apache-struts-2-flaws.html