Struts is a popular open-source framework for building Servlet/JSP-based web applications. The vulnerability (CVE-2017-5638) is a remote code execution bug in the Jakarta Multipart parser of Apache Struts 2, which is used for file uploads. It allows an unauthenticated attacker to execute code remotely by sending a crafted Content-Type value in an HTTP request.
The vulnerability is fixed in the latest version of Apache Struts 2. If you are using the Jakarta-based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1 or higher.
In the last 2 days our web monitoring service Triggerfish has detected an increasing number of attack attempts where automated scanners are looking for affected web pages.
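One way to flag such requests in captured header data is sketched below. It is an added example, not code from the original article or from Triggerfish. The record layout, the allow-list pattern, the length ceiling and the `%{` / `${` expression markers are assumptions of this example, and the sample records are constructed.

```python
import re

# Conservative allow-list for a media type: type/subtype plus ;name=value parameters.
# '%', '$', '{' and '}' are deliberately excluded from every position.
_TOKEN = r"[A-Za-z0-9!#&^_.+-]+"
_PARAM = rf'\s*;\s*{_TOKEN}=(?:{_TOKEN}|"[^"\\%${{}}]*")'
MEDIA_TYPE = re.compile(rf"^{_TOKEN}/{_TOKEN}(?:{_PARAM})*\s*$")

# Assumption of this example: a crafted value embeds an expression such as %{...} or ${...}.
EXPR_MARKER = re.compile(r"[%$]\{")
MAX_LEN = 256  # assumed ceiling; legitimate Content-Type values are short


def classify_content_type(value):
    """Return (verdict, reason) for one Content-Type header value."""
    if not value:
        return ("ok", "no Content-Type header")
    if EXPR_MARKER.search(value):
        return ("alert", "expression marker in Content-Type")
    if len(value) > MAX_LEN:
        return ("suspicious", "oversized Content-Type")
    if not MEDIA_TYPE.match(value):
        return ("suspicious", "not a well-formed media type")
    return ("ok", "well-formed media type")


def scan(records):
    """Return (src, path, verdict, reason) for every request that is not 'ok'."""
    findings = []
    for rec in records:
        verdict, reason = classify_content_type(rec.get("content_type"))
        if verdict != "ok":
            findings.append((rec["src"], rec["path"], verdict, reason))
    return findings


# Constructed sample records (documentation-range addresses, placeholder payload).
SAMPLE = [
    {"src": "192.0.2.10", "path": "/upload.action",
     "content_type": "multipart/form-data; boundary=----abc123"},
    {"src": "198.51.100.7", "path": "/index.action",
     "content_type": "%{CONSTRUCTED_EXPRESSION}.multipart/form-data"},
    {"src": "198.51.100.7", "path": "/login.action",
     "content_type": "multipart/form-data boundary"},
    {"src": "192.0.2.11", "path": "/search.action",
     "content_type": "text/html; charset=UTF-8"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

A hit shows only that a request was attempted; whether the server was exposed depends on the Struts version it was running at the time.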