Description
Apache Struts is a free, open-source MVC framework for creating elegant, modern Java web applications. This version of Apache Struts is vulnerable to arbitrary code execution through a malicious Content-Disposition value or an improper Content-Length header. If the Content-Disposition or Content-Length value is not valid, an exception is thrown, and that exception is then used to display an error message to the user.
Remediation
Upgrade to Apache Struts version 2.3.32 or 2.5.10.1, or to a newer version.
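To find deployments that still need this upgrade, the following added example (not part of the original advisory) classifies struts2-core JAR file names against the two fixed releases. The file naming pattern `struts2-core-<version>.jar` and the sample paths are assumptions; branches other than 2.3 and 2.5 that are older than 2.5.10.1 are reported as unknown because the advisory does not state their status.

```python
import re

# Fixed releases named in the Remediation section above.
FIXED_23 = (2, 3, 32)
FIXED_25 = (2, 5, 10, 1)

# Assumption: the core library keeps the file name struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def classify(version):
    """Return 'fixed', 'upgrade' or 'unknown' for a dotted Struts version."""
    v = tuple(int(part) for part in version.split("."))
    # Tuple comparison orders 2.5.10 before 2.5.10.1, which is what is needed.
    if v >= FIXED_25:
        return "fixed"
    if v[:2] == (2, 5):
        return "upgrade"
    if v[:2] == (2, 3):
        return "fixed" if v >= FIXED_23 else "upgrade"
    # The advisory gives no status for other branches.
    return "unknown"


def audit(paths):
    """Map each struts2-core JAR path to its status; other files are skipped."""
    results = {}
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            results[path] = classify(match.group(1))
    return results


# Constructed sample paths, such as a file search over deployed web apps yields.
SAMPLE_PATHS = [
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-core-2.3.31.jar",
    "/opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/opt/tomcat/webapps/hr/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/opt/tomcat/webapps/legacy/WEB-INF/lib/struts2-core-2.1.8.jar",
    "/opt/tomcat/webapps/shop/WEB-INF/lib/commons-fileupload-1.3.2.jar",
]

if __name__ == "__main__":
    for path, status in audit(SAMPLE_PATHS).items():
        print(f"{status:8} {path}")
```

JARs that were renamed or repackaged inside another archive are not matched by file name and need a separate check.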
Related Vulnerabilities
Invision Power Board version 3.3.4 unserialize PHP code execution
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)
WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21)