All versions of Struts since 2008 are affected, said the researchers. Apache Struts is used across the Fortune 100 to provide web applications in Java, and it powers front- and back-end applications.

Struts was first released in June of 2001 and has become the de-facto standard for web application development. In December 2002 it was announced that WebWork and Struts Ti would join forces to ...

Cisco's Talos security team announced it discovered attacks against a zero-day vulnerability in Apache Struts, which Apache patched on Monday.

The Struts vulnerability allows for remote code execution on Java web servers and was patched on March 6. Attackers have quickly adopted it and have used it in widespread attacks since then.