Apache Struts2 Redirection and Security Bypass Vulnerabilities

Summary
This host is running Apache Struts2 and is prone to redirection and security bypass vulnerabilities.
Impact
Successful exploitation will allow a remote attacker to execute arbitrary Java code via OGNL (Object-Graph Navigation Language) or redirect the user to a malicious URL.
Solution
Upgrade to Apache Struts 2 version 2.3.15.1 or later. For updates, refer to http://struts.apache.org
Insight
The flaws are due to improper sanitization of parameters prefixed with 'action:', 'redirect:', and 'redirectAction:' before they are used in DefaultActionMapper.
Affected
Apache Struts 2.0.0 to 2.3.15
Detection
Send an expression along with the redirect command via an HTTP GET request and check whether the response redirects and whether the expression is evaluated.
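A complementary log-side check, as an added example that is not part of the scanner's own detection: it flags access-log entries whose query string carries a parameter name beginning with one of the three prefixes named under Insight. The combined log format, the function names, and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Prefixes named in the advisory as handled by DefaultActionMapper.
PREFIXES = ("action:", "redirect:", "redirectAction:")

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def prefixed_params(target):
    """Return parameter names in the request target that start with a flagged prefix."""
    query = urlsplit(target).query
    # keep_blank_values: these parameters are often sent as a bare name with no value.
    # parse_qsl also percent-decodes, so an encoded colon (%3A) is still matched.
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if n.startswith(PREFIXES)]

def scan(lines):
    """Yield (line_number, method, matched_names) for each flagged log entry."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = prefixed_params(m.group("target"))
        if hits:
            yield no, m.group("method"), hits

# Constructed sample entries (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2013:10:00:00 +0000] "GET /app/index.action?page=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Aug/2013:10:00:05 +0000] "GET /app/index.action?redirect:http://example.invalid/ HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Aug/2013:10:00:09 +0000] "GET /app/login.action?redirectAction%3Ahome HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Aug/2013:10:00:12 +0000] "GET /app/search.action?q=redirect:notes HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for no, method, hits in scan(SAMPLE_LOG):
        print(f"line {no}: {method} request with prefixed parameter(s): {hits}")
```

Only the parameter name is tested, so a prefix appearing inside an ordinary value (the last sample entry) is not flagged. Access logs record query strings only, so parameters sent in a POST body need to be inspected at a proxy or WAF instead.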