All versions of Struts since 2008 are affected, said the researchers. Apache Struts is used across the Fortune 100 to provide web applications in Java, and it powers front- and back-end applications.

Cisco's Talos security team announced it discovered attacks against a zero-day vulnerability in Apache Struts, which Apache patched on Monday.