The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system.
Read more here – http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2