Apache Struts 2 ActionMessage Remote Code Execution Exploit

This module exploits a vulnerability in Apache Struts 2. The specific vulnerability relies on the Struts 1 plugin which might allow remote attackers to execute arbitrary code via a malicious field value passed in a raw message to the ActionMessage.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2017-9791
Product Version: 
2017_R2
Released Date: 
Tuesday, August 15, 2017 - 00:00