Users of the Apache web server have been urged to patch their systems after exploits taking advantage of a remote-code execution vulnerability emerged in the Struts 2 Java web application framework.