CVE-2014-0112

2014-04-29T10:37:00
ID: CVE-2014-0112
Type: cve
Reporter: cve@mitre.org
Modified: 2019-05-13T19:47:00

Description

ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.