   * CVE-2014-0114: The ActionForm object in Apache Struts 1.x through
     1.3.10 allows remote attackers to &quot;manipulate&quot; the ClassLoader and
     execute arbitrary code via the class parameter, which is passed to
     the getClass method.

OSVersionArchitecturePackageVersionFilename
SUSE Manager 1.7 for SLE11.2noarchstruts< 1.2.9-162.33.1struts-1.2.9-162.33.1.noarch.rpm
SUSE Manager Serveranynoarchstruts< 1.2.9-162.33.1struts-1.2.9-162.33.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit11.3noarchstruts-javadoc< 1.2.9-162.33.1struts-javadoc-1.2.9-162.33.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit11.3noarchstruts-manual< 1.2.9-162.33.1struts-manual-1.2.9-162.33.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit11.3noarchstruts< 1.2.9-162.33.1struts-1.2.9-162.33.1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Manager 1.7 for SLE	11.2	noarch	struts	< 1.2.9-162.33.1	struts-1.2.9-162.33.1.noarch.rpm
SUSE Manager Server	any	noarch	struts	< 1.2.9-162.33.1	struts-1.2.9-162.33.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit	11.3	noarch	struts-javadoc	< 1.2.9-162.33.1	struts-javadoc-1.2.9-162.33.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit	11.3	noarch	struts-manual	< 1.2.9-162.33.1	struts-manual-1.2.9-162.33.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit	11.3	noarch	struts	< 1.2.9-162.33.1	struts-1.2.9-162.33.1.noarch.rpm

References

download.suse.com/patch/finder/?keywords=11dc6b57770cce35af080f561b5ae3f7

download.suse.com/patch/finder/?keywords=fae66e428a1fc1171cb8d6304d55ab38

bugzilla.novell.com/875455

ibm 94

securityvulns 8

nessus 24

redhat 7

ubuntucve 1

debian 2

openvas 14

prion 4

oraclelinux 2

cve 4

packetstorm 1

fedora 1

mageia 1

checkpoint_advisories 2

osv 4

centos 1

jvn 2

f5 2

github 1

debiancve 1

gentoo 1

ubuntu 1

redhatcve 1

zdt 1

vmware 2

atlassian 2

ics 1

hp 1

oracle 12

ibm

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Rational RequisitePro (CVE-2014-0114)

2018-06-17 04:54:30

Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)

2018-06-17 15:15:18

Security Bulletin: Security vulnerability in IBM WebSphere Application Server, which is shipped with IBM WebSphere Dynamic Process Edition (CVE-2014-0114)

2018-06-15 07:00:25

securityvulns

Apache commons-beanutils code exeuction

2014-06-17 00:00:00

[oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE

2014-06-17 00:00:00

Apache Struts multiple security vulnerabilities

2014-05-07 00:00:00

nessus

RHEL 6 : struts (RHSA-2014:0500)

2014-11-08 00:00:00

Oracle Linux 5 : struts (ELSA-2014-0474)

2014-05-09 00:00:00

Fedora 20 : struts-1.3.10-10.fc20 (2014-9380)

2014-08-23 00:00:00

redhat

(RHSA-2014:0500) Important: struts security update

2014-05-14 00:00:00

(RHSA-2014:0474) Important: struts security update

2014-05-07 00:00:00

(RHSA-2014:0497) Important: Red Hat JBoss Fuse 6.1.0 security update

2014-05-14 18:02:20

ubuntucve

CVE-2014-0114

2014-04-30 00:00:00

debian

[SECURITY] [DSA 2940-1] libstruts1.2-java security update

2014-08-21 06:39:48

[SECURITY] [DLA 57-1] libstruts1.2-java security update

2014-09-17 12:59:07

openvas

RedHat Update for struts RHSA-2014:0474-01

2014-05-12 00:00:00

RedHat Update for struts RHSA-2014:0474-01

2014-05-12 00:00:00

Debian Security Advisory DSA 2940-1 (libstruts1.2-java - security update)

2014-08-21 00:00:00

prion

Code injection

2014-04-30 10:49:00

Input validation

2019-10-03 14:15:00

Design/Logic Flaw

2020-02-05 19:15:00

oraclelinux

struts security update

2014-05-06 00:00:00

apache-commons-beanutils security update

2020-01-22 00:00:00

cve

CVE-2014-0114

2014-04-30 10:49:00

CVE-2014-3540

2014-07-08 04:11:00

CVE-2019-3834

2019-10-03 14:15:00

packetstorm

OSCAR EMR 15.21beta361 XSS / Disclosure / CSRF / Insecure Direct Object Reference

2018-08-23 00:00:00

fedora

[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20

2014-08-23 02:00:36

mageia

Updated struts packages fix CVE-2014-0114

2014-05-15 02:13:20

checkpoint_advisories

Apache Struts ActionForm ClassLoader Security Bypass (CVE-2014-0114)

2014-05-18 00:00:00

Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094; CVE-2014-0112; CVE-2014-0113; CVE-2014-0114)

2014-04-25 00:00:00

osv

Arbitrary code execution in Apache Commons BeanUtils

2020-06-10 23:38:01

libstruts1.2-java - security update

2014-08-21 00:00:00

libstruts1.2-java - security update

2014-09-17 00:00:00

centos

struts security update

2014-05-07 14:04:43

jvn

JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation

2014-06-17 00:00:00

JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation

2014-07-15 00:00:00

K15282 : Apache Struts vulnerability CVE-2014-0114

2014-10-20 00:00:00

SOL15282 - Apache Struts vulnerability CVE-2014-0114

2014-05-19 00:00:00

github

Arbitrary code execution in Apache Commons BeanUtils

2020-06-10 23:38:01

debiancve

CVE-2014-0114

2014-04-30 10:49:00

gentoo

Commons-BeanUtils: Arbitrary code execution

2016-07-20 00:00:00

ubuntu

Apache Commons BeanUtils vulnerabilities

2021-03-15 00:00:00

redhatcve

CVE-2019-3834

2019-10-02 20:20:56

zdt

Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution Exploit

2017-03-23 00:00:00

vmware

VMware vSphere product updates to third party libraries

2014-09-09 00:00:00

VMware vSphere product updates to third party libraries

2014-09-09 00:00:00

atlassian

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

2021-02-03 22:43:13

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

2021-02-03 22:43:13

ics

OpenClinic GA (Update B)

2021-06-15 12:00:00

HP Device Manager Security Updates

2023-10-20 00:00:00

oracle

Oracle Critical Patch Update - July 2014

2014-07-15 00:00:00

Oracle Critical Patch Update - October 2014

2014-10-14 00:00:00

Oracle Critical Patch Update Advisory - January 2015

2015-03-10 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.973 High

EPSS

Percentile

99.8%

JSON

Related for SUSE-SU-2014:0902-1