Since the release of Struts 1.0, Struts has gradually become a de facto standard for MVC (a.k.a. Model-2) implementation for developing medium-to-large scale Web-based applications on the Java ...

Cisco's Talos security team announced it discovered attacks against a zero-day vulnerability in Apache Struts, which Apache patched on Monday.

In-the-wild exploits ramp up against high-impact sites using Apache Struts Hackers are still exploiting the bug to install malware on high-impact sites.

Mo first reported the findings in April. By June, the Apache Struts team published the code which resolved the problem, leading to the release of official patches on August 22.