Lucene search
K

76 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:18 p.m.47 views

Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM Tivoli Identity Manager/IBM Security Identity Manager (CVE-2014-0114)

Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM Tivoli Identity Manager ITIM / IBM Security Identity Manager ISIM Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the...

7.5CVSS1.2AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:17 p.m.32 views

Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM QRadar SIEM (CVE-2014-0114)

Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM QRadar Security Information and Event Manager SIEM. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, cause...

7.5CVSS1.5AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:7 p.m.37 views

Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to ClassLoader manipulation vulnerability in Open Source Apache Struts version 1 (CVE-2014-0114)

Summary Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and...

7.5CVSS0.6AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.20 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server CVE-2014-0114

Summary WebSphere Application Server is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details For vulnerability details, see the Classloader Manipulation...

7.5CVSS2.8AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.61 views

Security vulnerability found in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2014-0114)

Abstract Information about a security vulnerability affecting IBM WebSphere Application Server shipped as a component of IBM PureApplication System has been published in a security bulletin. Content IBM WebSphere Application Server is shipped as a component of IBM PureApplication System...

7.5CVSS1.8AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.32 views

Security Bulletin: Security vulnerability in IBM WebSphere Application Server, which is shipped with IBM WebSphere Dynamic Process Edition (CVE-2014-0114)

Summary IBM WebSphere Application Server is shipped as a component of products included in the IBM WebSphere Dynamic Process Edition package: IBM WebSphere Process Server, IBM WebSphere Business Monitor, IBM WebSphere Business Services Fabric. Information about a security vulnerability affecting...

7.5CVSS2.7AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.17 views

Security Bulletin: Security vulnerability in WebSphere Application Server, which is shipped with IBM WebSphere Business Services Fabric (CVE-2014-0114)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Business Services Fabric. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details For vulnerability details, see the...

7.5CVSS6.7AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.23 views

Security Bulletin: ClassLoader manipulation with Apache Struts (CVE-2014-0114) affects WebSphere Lombardi Edition and IBM Business Process Manager (BPM)

Summary There is a class loader manipulation vulnerability in Apache Struts CVE-2014-0114 that affects WebSphere Lombardi Edition and IBM Business Process Manager. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X might allow a remote attacker to execute arbitrary code on...

7.5CVSS0.6AI score0.96121EPSS
Exploits4Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.30 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Process Server (WPS) (CVE-2014-0114)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Process Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details For vulnerability details read the security...

7.5CVSS2.7AI score0.96121EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/07/21 12:0 a.m.46 views

GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201607-09 Commons-BeanUtils: Arbitrary code execution Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact : Remote attackers could potentially execute arbitra...

7.5CVSS7.2AI score0.96121EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.42 views

Oracle: Security Advisory (ELSA-2014-0474)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.96121EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2014/08/12 12:0 a.m.12 views

Atlassian Bamboo < 5.4.3 / 5.5.1 / 5.6.0 XWork Library ClassLoader Manipulation Remote Code Execution

According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is version 5.4.x prior to 5.4.3 or 5.5.x prior to 5.5.1. It is, therefore, affected by an unspecified flaw in the XWork library. An unauthenticated, remote attacker can exploit this, via...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/08/06 12:0 a.m.12 views

Atlassian Confluence < 5.5.2 XWork Library ClassLoader Manipulation Remote Code Execution

According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.5.2. It is, therefore, affected by a flaw in the XWork library that allows a remote, unauthenticated user to alter the ClassLoader. This could allow an attacker to execut...

6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/15 5:44 a.m.3 views

Seasar S2Struts vulnerable to ClassLoader manipulation

Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Cybozu, Inc...

7.5CVSS8.8AI score
Exploits5References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/15 12:0 a.m.51 views

JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation

Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...

7.5CVSS7.6AI score0.96121EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.60 views

Apache Struts ClassLoader Manipulation Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...

7.1AI score0.99614EPSS
Exploits8
OSV
OSV
added 2014/06/20 8:43 p.m.9 views

SUSE-SU-2015:0886-1 Security update for struts

Apache Struts was updated to fix a security issue: CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to 'manipulate' the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. Security Issue reference:...

7.5CVSS7.8AI score0.96121EPSS
Exploits4References5
OSV
OSV
added 2014/05/14 10:13 p.m.6 views

MGASA-2014-0219 Updated struts packages fix CVE-2014-0114

Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...

7.5CVSS7.4AI score0.96121EPSS
Exploits4References3
Atlassian
Atlassian
added 2014/05/12 5:43 a.m.29 views

ClassLoader manipulation vulnerability

We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...

2.6AI score
Exploits0Affected Software1
CVE
CVE
added 2014/05/08 10:0 a.m.113 views

CVE-2014-0116

Apache Struts 2.x vulnerable to ClassLoader manipulation via CookieInterceptor (getClass access) when using wildcard cookiesName, allowing remote code execution. Affects Struts 2.x before 2.3.20 (and multiple related CVEs linked to the same class loader flaw, including CVE-2014-0112 and CVE-2014-...

5.8CVSS6.1AI score0.06516EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder