CVE-2015-1831 - Talkative Penile

Description

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to \compromise internal state of an application\ via unspecified vectors.

Reference

https://struts.apache.org/docs/s2-024.html http://www.securityfocus.com/bid/75940 http://www.securitytracker.com/id/1032985