Credit: Meder Kydyraliev
Do you use the Struts2 framework in your enterprise web application? Meder Kydyraliev discovered that an single HTTP request with just five special parameters is enough to execute arbitrary Java code on the webserver. Meder gets bonus points for having to track down developers on IRC to get the vulnerability fixed after receiving no response from [email protected].