https://cwiki.apache.org/confluence/display/WW/S2-045
Struts 2 Developers
Possible RCE when performing file upload based on Jakarta Multipart parser Maximum security rating High
Upgrade to Struts 2.3.32 or Struts 2.5.10.1
Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10
Filter to intercept all requests that are coming to the struts2 application and then reject the invalid content Types,its a simple workaround as you prepare to migrate to the latest stable release of struts as recommended by the struts team.
The recommended versions as mentioned in the wiki are shown above.
Include the filter in your web.xml
part test.MultipartRequestFilter part /*feel free to use the filter and contact for anyissue in installing or configuring the filter. fredndk@gmail.com