This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-020

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

DoS attacks and ClassLoader manipulation

Maximum security rating

Important

Recommendation

Developers should immediately upgrade to Struts 2.3.16.12

Affected Software

Struts 2.0.0 - Struts 2.3.16.1

Reporter

Peter Magnusson (peter.magnusson at omegapoint.se), Przemysław Celej (p-celej at o2.pl)

CVE Identifier

CVE-2014-0050 (DoS), CVE-2014-0094 (ClassLoader manipulation)

...

If you cannot upgrade to version 2.3.16.1 2 which is strongly advised, you can apply below workarounds:

...