A critical vulnerability has been discovered and released in the Apache Struts 2 framework. Patches are available from Apache. 
This vulnerability allows for unauthenticated, remote code execution on the server. Further, there are at least two known public exploits for this vulnerability  and ISP has already started to see scanning and exploit attempts against campus systems.
- Apache Struts 2.3.5 - Struts 2.3.31 
- Apache Struts 2.5 - Struts 2.5.10
- Upgrade to Struts 2.3.32 or Struts 188.8.131.52
- Implement a Servlet filter to validate Content-Type and throw away request with suspicious values not matching multipart/form-data.