Apache Archiva Multiple Remote Command Execution Vulnerabilities

Summary
Apache Archiva is prone to multiple remote command-execution vulnerabilities.
Impact
Successful exploits will allow remote attackers to execute arbitrary commands within the context of the affected application.
Solution
Ask the vendor for an update.
Insight
Apache Archiva uses Apache Struts2: "In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code."
Affected
Apache Archiva <= 1.3.6
Detection
Send a specially crafted HTTP GET request and check the response.
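A passive complement to the active check, for reviewing web server access logs for the three parameter prefixes quoted under Insight. This is an added example, not part of the original advisory or of any scanner's code. The log format (combined), the `/archiva/index.action` path, the sample entries and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Parameter prefixes named in the Struts 2 text quoted under "Insight".
PREFIXES = ("action:", "redirect:", "redirectAction:")
OGNL_MARK = re.compile(r"[$%]\{")  # start of an OGNL ${...} or %{...} expression
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /archiva/index.action HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2014:10:00:05 +0000] "GET /archiva/index.action?redirect:%24%7B1%2B1%7D HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2014:10:00:09 +0000] "GET /archiva/index.action?action:browse HTTP/1.1" 200 812',
    '192.0.2.13 - - [01/Jan/2014:10:00:12 +0000] "GET /archiva/index.action?q=x&redirectAction:%2525%257B1%257D HTTP/1.1" 302 0',
]

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'ognl-expression', 'prefix-only' or None for one log entry."""
    match = REQUEST.search(line)
    if not match:
        return None
    _, _, query = match.group(1).partition("?")
    verdict = None
    for raw in query.split("&"):       # split before decoding
        param = decode(raw)
        for prefix in PREFIXES:
            if param.startswith(prefix):
                if OGNL_MARK.search(param[len(prefix):]):
                    return "ognl-expression"   # prefix followed by an expression
                verdict = "prefix-only"        # may be legitimate form usage
    return verdict

def scan(lines):
    """Return (line number, verdict) for every entry that uses a prefix."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Access logs normally record only the request line, so parameters sent in a POST body are not covered by this review.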
References