Lucene search

K

[email protected]NVD:CVE-2014-0094

HistoryMar 11, 2014 - 1:00 p.m.

CVE-2014-0094

2014-03-1113:00:37

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.4 High

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to “manipulate” the ClassLoader via the class parameter, which is passed to the getClass method.

Affected configurations

NVD

Node

apachestrutsRange2.0.0–2.3.16.1

References

jvn.jp/en/jp/JVN19294237/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000045

packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

secunia.com/advisories/56440

secunia.com/advisories/59178

struts.apache.org/release/2.3.x/docs/s2-020.html

www-01.ibm.com/support/docview.wss?uid=swg21676706

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

www.konakart.com/downloads/ver-7-3-0-0-whats-new

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.securityfocus.com/archive/1/531362/100/0/threaded

www.securityfocus.com/archive/1/532549/100/0/threaded

www.securityfocus.com/bid/65999

www.securitytracker.com/id/1029876

www.vmware.com/security/advisories/VMSA-2014-0007.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.4 High

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

Related for NVD:CVE-2014-0094

cert1 osv3 ubuntucve3 github3 f55 cve3 ibm12 seebug1 hackerone1 prion3 nessus7 cvelist3 openvas3 nvd2 jvn1 veracode1 packetstorm1 zdt2 huawei1 vmware2 securityvulns3 threatpost1 checkpoint_advisories1 rapid7blog1 oracle1