Уязвимость CVE-2014-0114

Пакет	Статус	Версия исправления	Релиз	Тип
libstruts1.2-java	fixed	1.2.9-9		package
commons-beanutils	fixed	1.9.2-1		package
commons-beanutils	no-dsa		wheezy	package
commons-beanutils	no-dsa		squeeze	package

CVE-2014-0114

ubuntu

больше 11 лет назад

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

CVE-2014-0114

redhat

больше 11 лет назад

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

CVE-2014-0114

nvd

больше 11 лет назад

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

GHSA-p66x-2cv9-qq3v

github

около 5 лет назад

Arbitrary code execution in Apache Commons BeanUtils

ELSA-2014-0474

oracle-oval

больше 11 лет назад

ELSA-2014-0474: struts security update (IMPORTANT)

exploitDog

CVE-2014-0114

Описание

Пакеты

Примечания

Связанные уязвимости