  1. Struts 1
  2. STR-3220

CVE-2014-0114: Class loader manipulation

    Details

    • Type: Bug
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: 1.0.1, 1.2.9, 1.3.10
    • Fix Version/s: 1.1.2, 1.2.10, 1.3.11
    • Component/s: Core
    • Labels:

      Description

      The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

            People

            • Assignee:
              pbenedict Paul Benedict
              Reporter:
              pbenedict Paul Benedict
            • Votes:
              2
              Watchers:
              4

              Dates

              • Created:
                Updated: