Apache Struts includeParams Remote Code Execution Exploit

Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. This module leverages the vulnerability to install an agent in vulnerable installation.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2013-1966
Product Version: 
2014_R2
Released Date: 
Thursday, September 18, 2014 - 00:00