http://struts.apache.org/docs/s2-016.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017
Metasploit Framework Exploit Module for Apache Struts Content-Type exploit Have not tested against a windows server but tested against a linux server using the payload of generic/shell_bind_tcp