Full title: Apache Struts ParametersInterceptor Remote Code Execution 
Category: remote exploits
Platform: multiple
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.1.2. This issue is caused because the ParametersInterceptor allows for the use of parentheses which in turn allows it to interpret parameter values as OGNL expressions during certain exception handling for mismatched data types of properties which allows remote attackers to execute arbitrary Java code via a crafted parameter.

# 0day.today @ http://0day.today/