Apache Struts 2 devMode OGNL Remote Code Execution Exploit Update

The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (the struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration to deploy an agent on the target system. This update fixes the CVE identifier associated with the vulnerability exploited by this module.
Exploit type: 
Vulnerability ID: CVE-2012-0394
Product Version: 2014_R1
Released Date: Friday, July 18, 2014 - 00:00
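
A defensive check for the misconfiguration described above, as an added example that is not part of the original advisory or the module: it audits a struts.xml for an enabled struts.devMode constant and flags access-log requests that carry 'debug=command' together with an 'expression' parameter. The struts.xml fragments, log lines and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed struts.xml fragments (not from any real application).
STRUTS_XML_WEAK = """<struts>
  <constant name="struts.devMode" value="true"/>
</struts>"""
STRUTS_XML_FIXED = """<struts>
  <constant name="struts.devMode" value="false"/>
</struts>"""

# Constructed access-log lines in common log format.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jul/2014:10:00:01 +0000] "GET /app/index.action HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Jul/2014:10:00:02 +0000] "GET /app/index.action?debug=command&expression=1%2B1 HTTP/1.1" 200 2',
    '198.51.100.4 - - [18/Jul/2014:10:00:03 +0000] "GET /app/search.action?q=debug HTTP/1.1" 200 900',
]

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def dev_mode_enabled(struts_xml: str) -> bool:
    """True if any <constant name="struts.devMode"> is set to true."""
    root = ET.fromstring(struts_xml)
    return any(
        c.get("name") == "struts.devMode"
        and (c.get("value") or "").strip().lower() == "true"
        for c in root.iter("constant")
    )


def suspicious_requests(lines):
    """Return log lines whose query string has debug=command plus an expression parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        debug_values = [v.lower() for v in params.get("debug", [])]
        if "command" in debug_values and "expression" in params:
            hits.append(line)
    return hits
```

The log check only sees parameters sent in the URL; parameters sent in a POST body do not appear in a standard access log. The audit reads struts.xml only, so a struts.devMode value set in struts.properties needs a separate check.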