exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2014-0113

больше 11 лет назад

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

CVSS2: 7.5

EPSS: Высокий

CVE-2014-0113

больше 11 лет назад

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

CVSS2: 7.5

EPSS: Высокий

CVE-2014-0113

больше 11 лет назад

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

CVSS2: 7.5

EPSS: Высокий

CVE-2014-0113

больше 11 лет назад

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cook ...

CVSS2: 7.5

EPSS: Высокий

GHSA-3c5c-xrq4-qhr8

больше 3 лет назад

ClassLoader manipulation in Apache Struts

EPSS: Высокий

BDU:2015-00401

больше 11 лет назад

Уязвимость реализации метода getClass класса CookieInterceptor программной платформы Apache Struts, позволяющая нарушителю выполнить произвольный код

CVSS3: 7.1

EPSS: Высокий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2014-0113 CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.	CVSS2: 7.5	88% Высокий	больше 11 лет назад
CVE-2014-0113 CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.	CVSS2: 7.5	88% Высокий	больше 11 лет назад
CVE-2014-0113 CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.	CVSS2: 7.5	88% Высокий	больше 11 лет назад
CVE-2014-0113 CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cook ...	CVSS2: 7.5	88% Высокий	больше 11 лет назад
GHSA-3c5c-xrq4-qhr8 ClassLoader manipulation in Apache Struts		88% Высокий	больше 3 лет назад
BDU:2015-00401 Уязвимость реализации метода getClass класса CookieInterceptor программной платформы Apache Struts, позволяющая нарушителю выполнить произвольный код	CVSS3: 7.1	88% Высокий	больше 11 лет назад

Уязвимостей на страницу