Users must update their vulnerable libraries manually.
The flaw has existed for eight years thanks to a security change in Apache.
With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks.
The flaw opened a hole in IBM’s serverless Cloud Functions platform, potentially exposing confidential customer data.
The credit bureau Equifax said Monday the information of 145.5M Americans, was implicated in this summer’s breach.
Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week.
Equifax suffered another breach of its systems, back in March, the company revealed Monday.
The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw.
Equifax divulged on Wednesday that the culprit behind this summer’s breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March.