Apache Struts 2 REST Plugin Remote Code Execution Exploit

The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled.
Platform: 
Vulnerabilty ID: 
CVE-2016-3087
Product Version: 
2016_R1
Released Date: 
Thursday, June 23, 2016 - 00:00