7.5
CVSSv2

CVE-2014-0113

Published: 29/04/2014 Updated: 12/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

CookieInterceptor in Apache Struts prior to 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote malicious users to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheStruts2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.11.1, 2.0.11.2, 2.0.12, 2.0.13, 2.0.14, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.8.1, 2.2.1, 2.2.1.1, 2.2.3, 2.2.3.1, 2.3.0, 2.3.1, 2.3.1.1, 2.3.1.2, 2.3.3, 2.3.4, 2.3.4.1, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.3.14.1, 2.3.14.2, 2.3.14.3, 2.3.15, 2.3.15.1, 2.3.15.2, 2.3.15.3, 2.3.16, 2.3.16.1

Vendor Advisories

CookieInterceptor in Apache Struts before 23162, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094 ...
Oracle Critical Patch Update Advisory - April 2015 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Patch ...

Exploits

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking # It's going to manipulate the Class Loader include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include ...

Github Repositories

Maven Security Versions Identify vulnerable libraries in Maven dependencies The plugin is based on versions-maven-plugin It use the victims database has source for CVEs and Maven artifact mapping Usage > mvn comredhatvictimsmaven:security-versions:check [INFO] Scanning for projects [INFO] [INFO] -----------------------------------------------------------------

Maven Security Versions Identify vulnerable libraries in Maven dependencies The plugin is based on versions-maven-plugin It use the victims database has source for CVEs and Maven artifact mapping Usage > mvn comredhatvictimsmaven:security-versions:check [INFO] Scanning for projects [INFO] [INFO] -----------------------------------------------------------------