The DefaultActionMapper class in Apache Struts 2 supports a method for short-circuit navigation state changes by prefixing parameters like "redirect:" or "redirect-action:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.
CVE Link
Product Name