CVE-2014-0114
EPSS 92.3%
libstruts1.2-java - security update
Published: 2020/6/10
Modified: 2026/4/28
Description
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Affected packages (4)
- Debian/commons-beanutils from 0, < 1.9.2-1
- Debian/libstruts1.2-java from 0, < 1.2.9-4+deb6u1
- Debian/libstruts1.2-java from 0, < 1.2.9-5+deb7u1
- Maven/commons-beanutils:commons-beanutils >= 1.8.0, < 1.9.4
References (156)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0114
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2014-0114
- PATCH https://github.com/apache/commons-beanutils
- WEB http://advisories.mageia.org/MGASA-2014-0219.html
- WEB http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html
- WEB http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html
- WEB http://marc.info/?l=bugtraq&m=140119284401582&w=2
- WEB http://marc.info/?l=bugtraq&m=140801096002766&w=2
- WEB http://marc.info/?l=bugtraq&m=141451023707502&w=2
- WEB http://openwall.com/lists/oss-security/2014/06/15/10
- WEB http://openwall.com/lists/oss-security/2014/07/08/1
- WEB https://access.redhat.com/errata/RHSA-2018:2669
- WEB https://access.redhat.com/errata/RHSA-2019:2995
- WEB https://access.redhat.com/solutions/869353
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1091938
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1116665
- WEB http://seclists.org/fulldisclosure/2014/Dec/23
- WEB https://github.com/apache/commons-beanutils/commit/62e82ad92cf4818709d6044aaf257b73d42659a4
- WEB https://github.com/apache/commons-beanutils/pull/7
- WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- WEB https://issues.apache.org/jira/browse/BEANUTILS-463
- WEB https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3Cuser.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3Cissues.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3Ccommits.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E
- WEB https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E
- WEB https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E
- … 106 more