CVE-2014-0114

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1091938
http://secunia.com/advisories/59704
http://www-01.ibm.com/support/docview.wss?uid=swg21676303
https://issues.apache.org/jira/browse/BEANUTILS-463
https://bugzilla.redhat.com/show_bug.cgi?id=1116665
http://www-01.ibm.com/support/docview.wss?uid=swg21676931
http://secunia.com/advisories/59014
https://access.redhat.com/solutions/869353
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
http://openwall.com/lists/oss-security/2014/07/08/1
http://secunia.com/advisories/58851
http://openwall.com/lists/oss-security/2014/06/15/10
http://www-01.ibm.com/support/docview.wss?uid=swg21676375
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://secunia.com/advisories/60703
http://secunia.com/advisories/60177
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.debian.org/security/2014/dsa-2940
http://marc.info/?l=bugtraq&m=141451023707502&w=2
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
http://marc.info/?l=bugtraq&m=140119284401582&w=2
http://marc.info/?l=bugtraq&m=140801096002766&w=2
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
http://www.securityfocus.com/bid/67121
https://security.gentoo.org/glsa/201607-09
http://www-01.ibm.com/support/docview.wss?uid=swg27042296
http://www-01.ibm.com/support/docview.wss?uid=swg21677110
http://www-01.ibm.com/support/docview.wss?uid=swg21676110
http://www-01.ibm.com/support/docview.wss?uid=swg21675972
http://www-01.ibm.com/support/docview.wss?uid=swg21675898
http://www-01.ibm.com/support/docview.wss?uid=swg21675689
http://www-01.ibm.com/support/docview.wss?uid=swg21675387
http://www-01.ibm.com/support/docview.wss?uid=swg21675266
http://www-01.ibm.com/support/docview.wss?uid=swg21674812
http://www-01.ibm.com/support/docview.wss?uid=swg21674128
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:095
http://www.ibm.com/support/docview.wss?uid=swg21675496
http://secunia.com/advisories/59718
http://secunia.com/advisories/59480
http://secunia.com/advisories/59479
http://secunia.com/advisories/59464
http://secunia.com/advisories/59430
http://secunia.com/advisories/59246
http://secunia.com/advisories/59245
http://secunia.com/advisories/59228
http://secunia.com/advisories/59118
http://secunia.com/advisories/58947
http://secunia.com/advisories/58710
http://secunia.com/advisories/57477
http://advisories.mageia.org/MGASA-2014-0219.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://security.netapp.com/advisory/ntap-20140911-0001/
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html
https://security.netapp.com/advisory/ntap-20180629-0006/
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://access.redhat.com/errata/RHSA-2018:2669
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://access.redhat.com/errata/RHSA-2019:2995
https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E
https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E
https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E
https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E
https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E
https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E
https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*
cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*
Information

Published : 2014-04-30 03:49

Updated : 2023-02-12 16:32

NVD link : CVE-2014-0114

Mitre link : CVE-2014-0114

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

apache

  • struts
  • commons_beanutils