Threat Encyclopedia



This indicates a possible attack against a command execution vulnerability in Apache Struts 2.
The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote attacker may exploit this by sending a specially crafted HTTP request to a vulnerable system. A successful attack may allow the attacker to execute arbitrary OGNL expressions in the security context of the web application server.

Affected Products

Apache Software Foundation Struts 2 prior to
Apache Software Foundation Struts 2.3 - Struts 2.3.34, Struts 2.5 - Struts 2.5.16
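To find deployments that fall inside the two version ranges listed above, the following added example (not part of the original entry or of any vendor tooling) classifies Struts 2 core jars by the version in their file name. It assumes the library is deployed as `struts2-core-<version>.jar`; the sample paths are constructed, and the truncated "prior to" line is not modelled, so versions outside the two explicit ranges are reported only as not listed.

```python
import re

# Inclusive ranges exactly as listed on this page:
# Struts 2.3 - 2.3.34 and Struts 2.5 - 2.5.16.
LISTED_RANGES = [((2, 3, 0), (2, 3, 34)), ((2, 5, 0), (2, 5, 16))]

# Assumption: the core library is deployed as struts2-core-<version>.jar,
# optionally with a qualifier such as -SNAPSHOT.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:-[A-Za-z0-9.]+)?\.jar$")


def parse_version(jar_path):
    """Return (major, minor, patch) for a Struts 2 core jar, else None."""
    name = re.split(r"[\\/]", jar_path)[-1]  # accept POSIX and Windows paths
    m = JAR_RE.match(name)
    if not m:
        return None
    # Compare at patch level: 2.5.10.1 is judged as 2.5.10, 2.5 as 2.5.0.
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def in_listed_range(version):
    """True if the version lies inside one of the ranges listed on the page."""
    return any(lo <= version <= hi for lo, hi in LISTED_RANGES)


def audit(jar_paths):
    """Map each recognised Struts 2 core jar to True/False; skip other files."""
    results = {}
    for path in jar_paths:
        version = parse_version(path)
        if version is not None:
            results[path] = in_listed_range(version)
    return results


# Constructed sample inventory, e.g. the output of a file search for *.jar.
SAMPLE_PATHS = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.3.34.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-2.3.35.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/opt/app4/WEB-INF/lib/struts2-core-2.5.17.jar",
    "C:\\apps\\app5\\WEB-INF\\lib\\struts2-core-2.5.jar",
    "/opt/app5/WEB-INF/lib/commons-lang3-3.4.jar",
]

if __name__ == "__main__":
    for path, listed in audit(SAMPLE_PATHS).items():
        print(("LISTED     " if listed else "not listed ") + path)
```

The file name is only a hint: repackaged or shaded jars can carry a different name, so confirm hits against the jar's manifest or the build's dependency list.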


System Compromise: Remote attackers can gain control of vulnerable systems.