Vulnerability
Apache Struts 2 is a sophisticated, extensible platform for developing enterprise-grade Java web applications. There is a remote code execution vulnerability in Apache Struts S2-032. This vulnerability exists when Dynamic Method Invocation (DMI) is enabled. Because expressions passed to the server side are not adequately validated using the method: prefix.
Mitigation / Precaution
If Direct Method Invocation (DMI) is enabled, disable it.
Update your Apache Struts Server, to the latest version to eliminate this vulnerability.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
