Atlassian FishEye Struts 2 ExceptionDelegator Remote Code Execution Exploit

The ExceptionDelegator component of the XWork framework, part of the Apache Struts 2 web framework, as shipped with Atlassian FishEye, interprets parameters values as OGNL expressions when handling a type conversion error. This can be exploited to execute arbitrary code on the vulnerable server by tricking a logged-in user with administrator privileges within the FishEye site to visit a specially crafted web page.
Exploit type: 
Vulnerabilty ID: 
Product Version: 
Released Date: 
Tuesday, April 17, 2012 - 00:00