CVE-2014-0112

Published: 29/04/2014 Updated: 12/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

ParametersInterceptor in Apache Struts prior to 2.3.20 does not properly restrict access to the getClass method, which allows remote malicious users to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

Vulnerable Product

apache struts

Vendor Advisories

Synopsis: Important: Red Hat Fuse 7.3 security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has ...
ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094 ...

Exploits

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ManualRanking # It's going to manipulate the Class Loader
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE
  include ...

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
  Rank = ManualRanking # It's going to manipulate the Class Loader
  include Msf::Exploit::FileDropper
  include Msf::Exploit::EXE
  include M ...

Github Repositories

CVE-2014-0114 - Vulnerability in Struts 1. Parameters in a POST or GET request are handled as properties to be set, with the form as the starting point. Parameters can be a path to a nested object. Apache Struts 1.x can be manipulated into calling getClass() on Form Beans. For example, one can directly manipulate attributes on