## https://sploitus.com/exploit?id=SAINT:AE1DA80E6B0E4C12B5D781794166897B
Added: 11/27/2020  
CVE: [CVE-2019-0230](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0230>)  


### Background

Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. 

Struts uses Object-Graph Navigation Language (OGNL) to provide extensive expression evaluation capabilities. 

### Problem

Apache Struts can be forced to use double OGNL evaluation, which could allow a remote attacker to execute arbitrary code by sending a specially crafted request. 

### Resolution

[Upgrade](<http://struts.apache.org/download.cgi#struts23151>) to Struts 2.5.22 or higher. 
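An added check for the upgrade above (example code, not part of the original advisory or of Apache Struts): this script walks a deployment directory and lists `struts2-core` jars below 2.5.22, both on disk and packed inside WAR/EAR/JAR archives. It assumes the jars keep the Maven file name `struts2-core-<version>.jar`; `scan` and `outdated_version` are names chosen for this example.

```python
import os
import re
import sys
import zipfile

FIXED = (2, 5, 22)  # minimum version named in the Resolution section
# Assumption: jars keep the Maven artifact naming struts2-core-<version>.jar
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")


def outdated_version(name):
    """Return the version string if name is a struts2-core jar below FIXED, else None."""
    match = JAR_RE.search(name.replace("\\", "/"))
    if not match:
        return None
    version = tuple(int(part) for part in match.group(1).split("."))
    return match.group(1) if version < FIXED else None


def scan(root):
    """Report outdated struts2-core jars on disk and inside WAR/EAR/JAR archives."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            version = outdated_version(fname)
            if version:
                findings.append((path, version))
            if not fname.lower().endswith((".war", ".ear", ".jar")):
                continue
            try:
                with zipfile.ZipFile(path) as archive:
                    members = archive.namelist()
            except (zipfile.BadZipFile, OSError):
                continue  # unreadable or not a real archive
            for member in members:
                version = outdated_version(member)
                if version:
                    findings.append((path + "!" + member, version))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_struts.py /path/to/webapps
    for location, version in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{version}\t{location}")
```

Archives are opened one level deep, so a WAR nested inside an EAR, or a Struts copy that was renamed or shaded into another jar, will not be reported and needs a separate check.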

### References

<https://cwiki.apache.org/confluence/display/ww/s2-059>  


### Limitations

curl must be installed on the target for this exploit to succeed. 

### Platforms

Linux