Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass
source: https://www.securityfocus.com/bid/50940/info
Apache Struts is prone to a security-bypass vulnerability that allows session tampering.
Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access.
Apache Struts versions 2.0.9 and 2.1.8.1 are vulnerable; other versions may also be affected.
http://www.example.com/SomeAction.action?session.somekey=someValue