The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. Due to an error in the way that the ExceptionDelegator component handles mismatched data types, an unauthenticated, remote attacker can execute arbitrary commands on the remote host by sending a specially crafted request order. This flaw is due to the ExceptionDelegator interpreting parameter values as OGNL expressions when there is a conversion error. Note that this plugin will only report the first vulnerable instance of a Struts 2 application.
Apache Struts 22.214.171.124 Remote Command Execution
Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection (CVE-2012-0391)
VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries