Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass

source: https://www.securityfocus.com/bid/50940/info

Apache Struts is prone to a security-bypass vulnerability that allows session tampering.

Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access.

Apache Struts versions 2.0.9 and 2.1.8.1 are vulnerable; other versions may also be affected. 

http://www.example.com/SomeAction.action?session.somekey=someValue