Apache Struts 2.0.x < 2.0.9 RCE (S2-001)
Critical Nessus Plugin ID 117365
SynopsisA web application running on the remote host uses a Java framework that is affected by a possible remote code execution.
DescriptionThe version of Apache Struts running on the remote host is 2.0.x prior to 2.0.9. It, therefore, is affected by a possible remote code execution vulnerability when OGNL expressions are evaluated in a form field.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Apache Struts version 2.0.9 or later