Apache Struts CVE-2017-9791 Input Validation Bypass Vulnerability
Description
It is possible to perform a RCE attack with a malicious field value when using the Struts 2 Struts 1 plugin and it's a Struts 1 action and the value is a part of a message presented to the user, i.e. when using untrusted input as a part of the error message in theActionMessageclass.
Affected Applications
Apache Struts