Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a number of active attacks.
In an advisory issued on Monday, Apache says the problem with Struts exists within the Jakarta Multipart parser.
"It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user," the warning explained.