Full title: Apache Struts 2 Forced Multi OGNL Evaluation Exploit 
Category: remote exploits
Platform: multiple
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependant. A server side template must make an affected use of request data to render an HTML tag attribute.

# 0day.today @ http://0day.today/