Summary
A critical vulnerability has been discovered and released in the Apache Struts 2 framework. Patches are available from Apache. [1]
Impact
This vulnerability allows for unauthenticated, remote code execution on the server. Further, there are at least two known public exploits for this vulnerability [2] and ISP has already started to see scanning and exploit attempts against campus systems.