CVE-2014-0114
Description
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Risk Information
Base Score
7.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
92.739
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.33 | Windows |
| Vulnerabilities CVE-2014-0114 are fixed in IBM WebSphere 8.0.0.4 | Windows |
| Vulnerabilities CVE-2019-10086,CVE-2014-0114 are fixed in Apache-commons-beanutils 1.9.4 | Windows |
| Vulnerabilities CVE-2014-0114 are affected in Oracle WebLogic Server 6.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.2.0.0 | Windows |
| Vulnerabilities CVE-2014-0114 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 6.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.9 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Spectrum Protect Server 7.1.11 | Windows |
| Multiple Vulnerabilities are affected in IBM Spectrum Protect Server 8.1.10 | Windows |
| libstruts1.2-java security update(DSA-3536-1) libstruts1.2-java_1.2.9-5+deb7u2_all.deb | Linux |
| (RHSA-2014:0474) Important: struts security update struts-1.2.9-4jpp.8.el5_10.i386.rpm | Linux |
| (RHSA-2014:0474) Important: struts security update struts-1.2.9-4jpp.8.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0474) Important: struts security update struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm | Linux |
| (RHSA-2014:0474) Important: struts security update struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0474) Important: struts security update struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm | Linux |
| (RHSA-2014:0474) Important: struts security update struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0474) Important: struts security update struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm | Linux |
| (RHSA-2014:0474) Important: struts security update struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm | Linux |
| Apache-commons-beanutils update (ELSA-2020-0194) apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm | Linux |
| Apache-commons-beanutils-javadoc update (ELSA-2020-0194) apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm | Linux |
| Vulnerabilities CVE-2019-10086,CVE-2014-0114 are fixed in Apache-commons-beanutils for Linux 1.9.4 | Linux |
| Improper Input Validation Vulnerability (CVE-2014-0114) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234