This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-020

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Who should read this

All Struts 2 developers and users

Impact of vulnerability

DoS attacks and ClassLoader manipulation

Maximum security rating



Developers should immediately upgrade to Struts

Affected Software

Struts 2.0.0 - Struts 2.3.16


Mark Thomas (markt at apache.orgPeter Magnusson (peter.magnusson at, Przemysław Celej (p-celej at

CVE Identifier

CVE-2014-0050 (DoS), CVE-2014-0094 (ClassLoader manipulation)