Description
Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. This version of Apache Struts is vulnerable to arbitrary code execution by providing a malicious Content-Disposition value or with improper Content-Length header. If the Content-Disposition / Content-Length value is not valid an exception is thrown which is then used to display an error message to a user.
Remediation
Upgrade to Apache Struts version 2.3.32 or 2.5.10.1 or newer versions.