Struts Remote Command Execution Vulnerability

Summary
This host is running Struts and is prone to remote command execution vulnerability.
Impact
Successful exploitation will allow attackers to manipulate server-side context objects with the privileges of the user running the application. Impact Level: Application.
Solution
Upgrade to Struts version 2.2 or later For updates refer to http://struts.apache.org/download.cgi
Insight
The flaw is due to an error in 'OGNL' extensive expression evaluation capability in XWork in Struts, uses as permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the '#' protection mechanism in ParameterInterceptors via various varibles.
Affected
Struts version 2.0.0 through 2.1.8.1
References