## https://sploitus.com/exploit?id=SAINT:1126B0AA9A8BD987E404F1746F1D8BFA
Added: 11/27/2020  
CVE: [CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>)  


### Background

Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. 

Struts uses Object-Graph Navigation Language (OGNL) to provide extensive expression evaluation capabilities. 

### Problem

Apache Struts can be forced to use double OGNL evaluation, which could allow a remote attacker to execute arbitrary code by sending a specially crafted request. 

### Resolution

[Upgrade](<http://struts.apache.org/download.cgi#struts23151>) to Struts 2.5.22 or higher. 

### References

<https://cwiki.apache.org/confluence/display/ww/s2-059>  


### Limitations

curl must be installed on the target for this exploit to succeed. 

### Platforms

Linux