CVE-2014-0094
⚪ For information
ClassLoader manipulation in Apache Struts allows remote attackers to execute code.
CVSS
5.0
EPSS
93.1%
Exploit
none
Vendor
apache
Source description (NVD)
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
none
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 5.0 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 93.1% |
| Published (NVD) | 2014-03-11 13:00:37 UTC |
| Last modified (NVD) | 2026-05-06 22:30:45 UTC |
References
- http://jvn.jp/en/jp/JVN19294237/index.html (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045 (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- http://secunia.com/advisories/56440 (secalert@redhat.com) [Vendor Advisory]
- http://secunia.com/advisories/59178 (secalert@redhat.com) [Permissions Required]
- http://struts.apache.org/release/2.3.x/docs/s2-020.html (secalert@redhat.com) [Vendor Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=swg21676706 (secalert@redhat.com) [Third Party Advisory]
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm (secalert@redhat.com) [Third Party Advisory]
- http://www.konakart.com/downloads/ver-7-3-0-0-whats-new (secalert@redhat.com) [Third Party Advisory]
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html (secalert@redhat.com) [Third Party Advisory]
- http://www.securityfocus.com/archive/1/531362/100/0/threaded (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/archive/1/532549/100/0/threaded (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/bid/65999 (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1029876 (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html (secalert@redhat.com) [Third Party Advisory]