While a patch is available from the Apache Software Foundation, researchers say that numerous companies may need to wait until vendors push security updates out to their own products.
Attackers were scanning for CVE-2021-41773 in the Apache web server several days before the flaw was disclosed publicly.
Apache has released a fix for a path traversal flaw (CVE-2021-41773) that has been exploited in the wild.
A vulnerability in Apache Struts (CVE-2019-0230) can lead to remote code execution in some circumstances.
The Department of Justice indicted four members of China's People's Liberation Army in connection with the Equifax data breach in 2017.