This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-020

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Who should read this

All Struts 2 developers and users

Impact of vulnerability

DoS attacks and ClassLoader manipulation

Maximum security rating



Developers should immediately upgrade to Struts

Affected Software

Struts 2.0.0 - Struts


Peter Magnusson (peter.magnusson at, Przemysław Celej (p-celej at

CVE Identifier

CVE-2014-0050 (DoS), CVE-2014-0094 (ClassLoader manipulation)


If you cannot upgrade to version 2 which is strongly advised, you can apply below workarounds: