---

Apache Struts Vulnerability Under Attack

The open-source Apache Struts 2 technology is a widely used framework component in Java applications and it’s currently under attack. The attacks follow the March 6 disclosure by the Struts project for a Remote Code Execution (RCE) vulnerability identified as CVE-2017-5638.

The CVE-2017-5638 issue was patched the same day as the Struts project made the disclosure, though multiple security firms have observed that attackers are actively going after unpatched systems.