CVE-2014-0094

This repository contains a writeup and setup instructions for attempting to reproduce CVE-2014-0094, a vulnerability in Java classloading. The author notes that while the classLoader is functional, the logs are percent-encoded, preventing successful RCE.

This repository provides a test program and mitigation for CVE-2014-0094, a vulnerability in Apache Struts 1 that allows arbitrary file disclosure and potential remote code execution via manipulation of classLoader properties. The PoC includes a custom SafeResolver to block malicious property access.

This Metasploit module exploits a ClassLoader manipulation vulnerability in Apache Struts 1.x and 2.x, allowing remote code execution via crafted parameters. It includes multiple targets for Java, Linux, and Windows, and supports both direct exploitation and SMB-based payload delivery.

This Metasploit module exploits CVE-2014-0094 in Apache Struts by manipulating the ClassLoader via crafted parameters, allowing remote code execution. It deploys a JSP payload to achieve RCE on vulnerable systems.