https://www.theregister.co.uk/2017/09/27/oracle_emergency_apache_struts_2_patches/

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability.

Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to build Web interfaces and bake Struts 2 into their their Web application framework.