Description
ClassLoader manipulation in Apache Struts
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-0094
- https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
- https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
- http://jvn.jp/en/jp/JVN19294237/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- http://struts.apache.org/release/2.3.x/docs/s2-020.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21676706
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
- http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html
Packages
- org.apache.struts:struts2-core: affected versions >= 2.0.0, < 2.3.16.2; fixed in 2.3.16.2
- org.apache.struts.xwork:xwork-core: affected versions >= 2.0.0, < 2.3.16.2; fixed in 2.3.16.2
Related vulnerabilities
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remo ...
A vulnerability in the implementation of the ParametersInterceptor class of the Apache Struts software platform that allows an attacker to affect the integrity of protected information