76 matches found
Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM Tivoli Identity Manager/IBM Security Identity Manager (CVE-2014-0114)
Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM Tivoli Identity Manager ITIM / IBM Security Identity Manager ISIM Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM QRadar SIEM (CVE-2014-0114)
Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM QRadar Security Information and Event Manager SIEM. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, cause...
Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to ClassLoader manipulation vulnerability in Open Source Apache Struts version 1 (CVE-2014-0114)
Summary Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server CVE-2014-0114
Summary WebSphere Application Server is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details For vulnerability details, see the Classloader Manipulation...
Security vulnerability found in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2014-0114)
Abstract Information about a security vulnerability affecting IBM WebSphere Application Server shipped as a component of IBM PureApplication System has been published in a security bulletin. Content IBM WebSphere Application Server is shipped as a component of IBM PureApplication System...
Security Bulletin: Security vulnerability in IBM WebSphere Application Server, which is shipped with IBM WebSphere Dynamic Process Edition (CVE-2014-0114)
Summary IBM WebSphere Application Server is shipped as a component of products included in the IBM WebSphere Dynamic Process Edition package: IBM WebSphere Process Server, IBM WebSphere Business Monitor, IBM WebSphere Business Services Fabric. Information about a security vulnerability affecting...
Security Bulletin: Security vulnerability in WebSphere Application Server, which is shipped with IBM WebSphere Business Services Fabric (CVE-2014-0114)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Business Services Fabric. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details For vulnerability details, see the...
Security Bulletin: ClassLoader manipulation with Apache Struts (CVE-2014-0114) affects WebSphere Lombardi Edition and IBM Business Process Manager (BPM)
Summary There is a class loader manipulation vulnerability in Apache Struts CVE-2014-0114 that affects WebSphere Lombardi Edition and IBM Business Process Manager. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X might allow a remote attacker to execute arbitrary code on...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Process Server (WPS) (CVE-2014-0114)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Process Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details For vulnerability details read the security...
GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201607-09 Commons-BeanUtils: Arbitrary code execution Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact : Remote attackers could potentially execute arbitra...
Oracle: Security Advisory (ELSA-2014-0474)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Atlassian Bamboo < 5.4.3 / 5.5.1 / 5.6.0 XWork Library ClassLoader Manipulation Remote Code Execution
According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is version 5.4.x prior to 5.4.3 or 5.5.x prior to 5.5.1. It is, therefore, affected by an unspecified flaw in the XWork library. An unauthenticated, remote attacker can exploit this, via...
Atlassian Confluence < 5.5.2 XWork Library ClassLoader Manipulation Remote Code Execution
According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.5.2. It is, therefore, affected by a flaw in the XWork library that allows a remote, unauthenticated user to alter the ClassLoader. This could allow an attacker to execut...
Seasar S2Struts vulnerable to ClassLoader manipulation
Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Cybozu, Inc...
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...
Apache Struts ClassLoader Manipulation Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...
SUSE-SU-2015:0886-1 Security update for struts
Apache Struts was updated to fix a security issue: CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to 'manipulate' the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. Security Issue reference:...
MGASA-2014-0219 Updated struts packages fix CVE-2014-0114
Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...
ClassLoader manipulation vulnerability
We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...
CVE-2014-0116
Apache Struts 2.x vulnerable to ClassLoader manipulation via CookieInterceptor (getClass access) when using wildcard cookiesName, allowing remote code execution. Affects Struts 2.x before 2.3.20 (and multiple related CVEs linked to the same class loader flaw, including CVE-2014-0112 and CVE-2014-...