exploitDog

CVE-2019-3834

Published: 02 Oct 2019
Source: redhat
CVSS3: 5.6

Description

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.

Report

While the original flaw, CVE-2014-0114, was resolved as a precaution in JON 3.2.1, later research revealed that JON did not expose the properties in an exploitable way and was not vulnerable.

Affected packages

Platform                             Package  State         Recommendation  Release
Red Hat JBoss Operations Network 3   struts1  Not affected

Additional information

Status:

Critical
Defect:
CWE-470
https://bugzilla.redhat.com/show_bug.cgi?id=1677721
JON: struts1 reversion of fix for CVE-2014-0114

CVSS3: 5.6 (Medium)

Related vulnerabilities

CVSS3: 7.3
nvd
more than 6 years ago

CVSS3: 7.3
github
more than 3 years ago

CVSS3: 5.6
fstec
almost 7 years ago

A vulnerability in the ClassLoader class implementation of the Red Hat JBoss Operations Network platform that allows an attacker to execute arbitrary code
