July 25, 2017 | Posted in Red Teams by Barrett Adams   Background In recent external pen tests, we have come across several Apache Struts instances that are vulnerable to a remote code execution (RCE) vulnerability. Our usual procedure for any RCE vulnerability that we are going to exploit is to upload a small web shell which […]