This Metasploit module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 – 2.3.31, and 2.5 – 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server’s temp dir. If this fails, try a cmd/* payload, which won’t have to write to the disk.