This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions less than or equal to 2.2.1.1. This issue is caused because the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
0b05a1b978021a7e230996613260f0f4ba94c92ffadf95f1ba1f5be6cacdbf23