Apache Struts2 Remote Command Execution (S2-052)

Description
  • Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads.
Remediation
  • Upgrade to Struts 2.5.13 or Struts 2.3.34.
References