Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-0474

Опубликовано: 06 мая 2014
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2014-0474: struts security update (IMPORTANT)

[1.2.9-4jpp.7]

  • Resolves: rhbz#1092457
  • CVE-2014-0114: Fixed ClassLoader manipulation vulnerability
  • Added dist tag to release

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

struts

1.2.9-4jpp.8.el5_10

struts-javadoc

1.2.9-4jpp.8.el5_10

struts-manual

1.2.9-4jpp.8.el5_10

struts-webapps-tomcat5

1.2.9-4jpp.8.el5_10

Oracle Linux x86_64

struts

1.2.9-4jpp.8.el5_10

struts-javadoc

1.2.9-4jpp.8.el5_10

struts-manual

1.2.9-4jpp.8.el5_10

struts-webapps-tomcat5

1.2.9-4jpp.8.el5_10

Oracle Linux i386

struts

1.2.9-4jpp.8.el5_10

struts-javadoc

1.2.9-4jpp.8.el5_10

struts-manual

1.2.9-4jpp.8.el5_10

struts-webapps-tomcat5

1.2.9-4jpp.8.el5_10

Связанные CVE

CVE-2014-0114

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2014-0114

ubuntu
больше 11 лет назад

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

redhat логотип

CVE-2014-0114

redhat
больше 11 лет назад

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

nvd логотип

CVE-2014-0114

nvd
больше 11 лет назад

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

debian логотип

CVE-2014-0114

debian
больше 11 лет назад

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8. ...

github логотип

GHSA-p66x-2cv9-qq3v

github
около 5 лет назад

Arbitrary code execution in Apache Commons BeanUtils