CVE-2014-0094
Description
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to manipulate the ClassLoader via the class parameter, which is passed to the getClass method.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
93.242
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-0094 are fixed in Apache-struts2-core 2.3.16.2 | Windows |
| Vulnerabilities CVE-2014-0094 are fixed in Apache-Xwork-core 2.3.16.2 | Windows |
| Vulnerabilities CVE-2014-0094 are fixed in Apache-structs2-core for Linux 2.3.16.2 | Linux |
| Vulnerabilities CVE-2014-0094 are fixed in Apache-Xwork-core for Linux 2.3.16.2 | Linux |
| CVE-2014-0094 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234