This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-020

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

DoS attacks and ClassLoader manipulation

Maximum security rating

Important

Recommendation

Developers should immediately upgrade to Struts 2.3.16.1

Affected Software

Struts 2.0.0 - Struts 2.3.16

Reporter

Mark Thomas (markt at apache.orgPeter Magnusson (peter.magnusson at omegapoint.se), Przemysław Celej (p-celej at o2.pl)

CVE Identifier

CVE-2014-0050 (DoS), CVE-2014-0094 (ClassLoader manipulation)

...