CVE-2014-0094

EXPLOITED LAB

Apache Struts 2.0.0-2.3.16.1 - Remote Code Execution via Class Parameter Manipulation


Exploitation Summary

CVE-2014-0094 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including y0d3n, HasegawaTadamitsu.

Description

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.

Exploits (4)

nomisec WRITEUP 1 stars
by y0d3n · poc
https://github.com/y0d3n/CVE-2014-0094

This repository contains a writeup and setup instructions for attempting to reproduce CVE-2014-0094, a vulnerability in Java classloading. The author notes that while the classLoader is functional, the logs are percent-encoded, preventing successful RCE.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Java (7u55-jdk), Tomcat (8.0.5), Struts (2.3.16)
No auth needed
Prerequisites: Java 7u55-jdk · Tomcat 8.0.5 · Struts 2.3.16
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 stars
by HasegawaTadamitsu · poc
https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1

This repository provides a test program and mitigation for CVE-2014-0094, a vulnerability in Apache Struts 1 that allows arbitrary file disclosure and potential remote code execution via manipulation of classLoader properties. The PoC includes a custom SafeResolver to block malicious property access.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Apache Struts 1.3.10 (and other versions)
No auth needed
Prerequisites: Apache Struts 1 application running on a vulnerable servlet container (e.g., Tomcat 6/8)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
ruby · remote · multiple
https://www.exploit-db.com/exploits/41690

This Metasploit module exploits a ClassLoader manipulation vulnerability in Apache Struts 1.x and 2.x, allowing remote code execution via crafted parameters. It includes multiple targets for Java, Linux, and Windows, and supports both direct exploitation and SMB-based payload delivery.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Struts 1.x (<= 1.3.10) and 2.x (< 2.3.16.2)
No auth needed
Prerequisites: Network access to the target Struts application · Struts application with vulnerable ClassLoader manipulation
devstral-2 · analyzed Feb 19, 2026

exploitdb WORKING POC
ruby · remote · multiple
https://www.exploit-db.com/exploits/33142

This Metasploit module exploits CVE-2014-0094 in Apache Struts by manipulating the ClassLoader via crafted parameters, allowing remote code execution. It deploys a JSP payload to achieve RCE on vulnerable systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Struts < 2.3.16.2
No auth needed
Prerequisites: Target running vulnerable Apache Struts version · Network access to the Struts application
devstral-2 · analyzed Feb 19, 2026

References (15)

Core References
Permissions Required third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59178
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2014-0007.html
Third Party Advisory x_refsource_confirm
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531362/100/0/threaded
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN19294237/index.html
Vendor Advisory x_refsource_confirm
http://struts.apache.org/release/2.3.x/docs/s2-020.html
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
Third Party Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676706
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56440
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029876
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532549/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65999

Scores

EPSS 0.9313
EPSS Percentile 99.8%

Details

VulnCheck KEV 2022-05-11
Status published
Products (3)
apache/struts 2.0.0 - 2.3.16.1
org.apache.struts/struts2-core 2.0.0 - 2.3.16.2 (Maven)
org.apache.struts.xwork/xwork-core 2.0.0 - 2.3.16.2 (Maven)
Published Mar 11, 2014
Tracked Since Feb 18, 2026