Red Hat Bugzilla – Bug 807485
CVE-2012-1592 struts2: xsltResult local code execution flaw
Last modified: 2012-03-28 19:09:00 EDT
It was reported that Apache Struts2 suffers from a local code execution flaw when processing malformed XSLT files. This could allow a malicious remote user who is able to upload an arbitrary file (such as a graphics file) and then view it to execute arbitrary code with the privileges of the struts2 process user.
NOTE: During normal usage, applications that receive untrusted input/files from remote users are expected to properly sanity-check the file and, if nothing else, not immediately make the file uploaded by an untrusted user available to an untrusted user without first checking the file.
This was assigned CVE-2012-1592 as per:
Not Vulnerable. This issue only affects struts 2; it does not affect the
versions of struts as shipped with various Red Hat products.
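
One way to apply the sanity check that the NOTE above expects of applications, as an added Java example (not code from Struts or from this bug report): the upload is classified by its content rather than its claimed name, so a stylesheet submitted as a graphics file is not served back. The class name, method names and both sample inputs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class UploadContentCheck {
    enum Kind { PNG, JPEG, XSLT, UNKNOWN }

    private static final byte[] PNG_MAGIC = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    private static final byte[] JPEG_MAGIC = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF};
    // Namespace URI that an XSLT stylesheet declares on its root element.
    private static final String XSLT_NS = "http://www.w3.org/1999/XSL/Transform";

    private static boolean startsWith(byte[] data, byte[] magic) {
        return data.length >= magic.length
                && Arrays.equals(Arrays.copyOf(data, magic.length), magic);
    }

    /** Classify by content; the client-supplied file name and MIME type are ignored. */
    static Kind sniff(byte[] data) {
        if (startsWith(data, PNG_MAGIC)) return Kind.PNG;
        if (startsWith(data, JPEG_MAGIC)) return Kind.JPEG;
        // Heuristic: look for the XSLT namespace in the first 4 KiB of text.
        // Assumes an ASCII-compatible encoding; anything else stays UNKNOWN,
        // which is rejected as well.
        int n = Math.min(data.length, 4096);
        String head = new String(data, 0, n, StandardCharsets.ISO_8859_1);
        return head.contains(XSLT_NS) ? Kind.XSLT : Kind.UNKNOWN;
    }

    /** Only content with a known image signature may be stored and served back. */
    static boolean mayServeAsImage(byte[] data) {
        Kind k = sniff(data);
        return k == Kind.PNG || k == Kind.JPEG;
    }

    public static void main(String[] args) {
        // Constructed samples: a PNG signature, and a stylesheet uploaded as "photo.png".
        byte[] png = Arrays.copyOf(PNG_MAGIC, 16);
        byte[] fake = ("<?xml version=\"1.0\"?>\n<xsl:stylesheet version=\"1.0\" xmlns:xsl=\""
                + XSLT_NS + "\"/>").getBytes(StandardCharsets.UTF_8);
        System.out.println("photo.png (real): " + sniff(png) + " serve=" + mayServeAsImage(png));
        System.out.println("photo.png (fake): " + sniff(fake) + " serve=" + mayServeAsImage(fake));
    }
}
```

A signature match is a minimum bar; fully decoding the image before accepting it is a stronger check.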