Researchers have identified a major security flaw (CVE-2017-9805) in the Apache Struts REST plugin. It could allow attackers to inject malicious code to steal critical customer data or cause service disruption on any server running an application built with the Struts framework and using the popular REST communication plugin.
Versions affected: Versions released since 2008.
Fix: Upgrade Apache Struts to 2.3.34 or 2.5.13.
https://struts.apache.org/announce.html
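To confirm the fix above was applied, the following added example (not code from the Struts project or the advisory) scans a deployment directory for REST plugin jars, loose or packed inside WAR files, and flags versions below the fixed releases. The Maven-style jar file name and the rule that 2.5 and later compare against 2.5.13 while older lines compare against 2.3.34 are assumptions.

```python
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases taken from the advisory text above.
FIXED_2_3 = (2, 3, 34)
FIXED_2_5 = (2, 5, 13)
# Assumption: the plugin jar keeps its Maven-style file name.
JAR_RE = re.compile(r"struts2-rest-plugin-(\d+(?:\.\d+)+)\.jar$")


def is_patched(version):
    """Return True when version is at or above the fixed release of its line."""
    v = tuple(int(part) for part in version.split("."))
    # Assumption: 2.5 and later compare against 2.5.13, older lines against 2.3.34.
    floor = FIXED_2_5 if v[:2] >= (2, 5) else FIXED_2_3
    return v >= floor


def jar_names(root):
    """Yield (location, jar file name) for loose jars and jars inside WAR files."""
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.suffix == ".jar":
            yield str(path), path.name
        elif path.suffix == ".war" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                for member in archive.namelist():
                    if member.endswith(".jar"):
                        yield f"{path}!{member}", member.rsplit("/", 1)[-1]


def scan(root):
    """Return sorted (location, version, patched) for every REST plugin jar found."""
    findings = []
    for location, name in jar_names(root):
        match = JAR_RE.match(name)
        if match:
            version = match.group(1)
            findings.append((location, version, is_patched(version)))
    return sorted(findings)


if __name__ == "__main__":
    for location, version, patched in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'ok' if patched else 'UPGRADE'}  {version}  {location}")
```

Applications that do not bundle the REST plugin jar produce no findings, which matches the advisory's scope of servers using that plugin.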
Further reading:
https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement