SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Apache Struts
Vendors:   Apache Software Foundation
Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
SecurityTracker Alert ID:  1030159
SecurityTracker URL:  http://securitytracker.com/id/1030159
CVE Reference:   CVE-2014-0114
Date:  Apr 29 2014
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Version(s): 1.x
Description:   A vulnerability was reported in Apache Struts. A remote user can execute arbitrary code on the target system.

A remote user can supply specially crafted data to manipulate the ClassLoader and execute arbitrary code.

Apache Struts 1 is affected.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.

The vendor notes: "Struts 1 has had its End-Of-Life announcement one year ago. In a cross project effort, the Struts team is looking for a correction or mitigation path though. Please stay tuned for further information."

Vendor URL:  struts.apache.org/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 7 2014 (Red Hat Issues Fix) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
May 14 2014 (Red Hat Issues Fix for Red Hat Satellite) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Satellite 5.4, 5.5, and 5.6.
May 27 2014 (HP Issues Advisory for HP IceWall Configuration Manager) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
HP has issued an advisory for HP IceWall Configuration Manager.
Jul 16 2014 (Oracle Issues Fix for Oracle Industry Applications) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
Oracle has issued a fix for Oracle Retail Back Office, Oracle Retail Central Office, and Oracle Retail Returns Management.
Aug 13 2014 (HP Issues Fix for HP SiteScope) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
HP has issued a fix for HP SiteScope 11.1x and 11.2x.
Sep 10 2014 (VMware Issues Fix for vCenter) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
VMware has issued a fix for vCenter.
Oct 28 2014 (HP Issues Fix for HP Command View XP) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
HP has issued a fix for HP Command View XP.
Mar 1 2017 (Juniper Issues Fix for Juniper Security Threat Response Manager) Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
Juniper has issued a fix for Juniper Security Threat Response Manager.



 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC