Please have a look at this recently announced Remote Code Execution vulnerability affecting Apache Struts2 (Jakarta Multipart parser).
Malicious "Content-Type" Header values are being used to throw an exception and execute code.
It is being actively exploited the last few days.
Mar 9th 2017
2 weeks ago