The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote
attackers to “manipulate” the ClassLoader via the class parameter, which is
passed to the getClass method.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=1073716>

References

cwiki.apache.org/confluence/display/WW/S2-020

launchpad.net/bugs/cve/CVE-2014-0094

nvd.nist.gov/vuln/detail/CVE-2014-0094

security-tracker.debian.org/tracker/CVE-2014-0094

www.cve.org/CVERecord?id=CVE-2014-0094

osv 3

cert 1

github 3

hackerone 1

ibm 12

prion 3

nessus 7

openvas 3

f5 5

seebug 1

cve 3

ubuntucve 2

veracode 1

jvn 1

zdt 2

packetstorm 1

huawei 1

securityvulns 3

threatpost 1

vmware 2

checkpoint_advisories 1

rapid7blog 1

oracle 1

osv

ClassLoader manipulation in Apache Struts

2022-05-14 00:54:15

ClassLoader manipulation in Apache Struts

2022-05-14 00:54:15

ClassLoader manipulation in Apache Struts

2022-05-14 00:54:16

cert

Apache Struts2 ClassLoader allows access to class properties via request parameters

2014-04-25 00:00:00

github

ClassLoader manipulation in Apache Struts

2022-05-14 00:54:15

ClassLoader manipulation in Apache Struts

2022-05-14 00:54:15

ClassLoader manipulation in Apache Struts

2022-05-14 00:54:16

hackerone

U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website

2016-12-19 23:00:16

ibm

Security Bulletin: Vulnerability in Apache Struts affects IBM System Storage Storwize V7000 Unified (CVE-2014-0094)

2018-06-18 00:08:34

Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0094)

2023-03-29 01:48:02

Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0094)

2023-03-29 01:48:02

prion

Security feature bypass

2014-03-11 13:00:00

Design/Logic Flaw

2014-04-29 10:37:00

Design/Logic Flaw

2014-04-29 10:37:00

nessus

Apache Struts 2 'class' Parameter ClassLoader Manipulation

2014-03-26 00:00:00

Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check) (Deprecated)

2015-01-30 00:00:00

VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007)

2014-07-07 00:00:00

openvas

Apache Struts Security Update (S2-020) - Active Check

2014-05-14 00:00:00

Apache Struts Security Update (S2-020) - Version Check

2019-08-28 00:00:00

Apache Struts 2.x < 2.3.16.1 Multiple Vulnerabilities (S2-020) - Linux

2019-08-28 00:00:00

K15260 : Apache Struts vulnerability CVE-2014-0094

2014-05-15 00:00:00

SOL15261 - Apache Struts vulnerability CVE-2014-0112

2014-05-15 00:00:00

SOL15262 - Apache Struts vulnerability CVE-2014-0113

2014-05-15 00:00:00

seebug

Apache Struts ClassLoader操作漏洞

2014-03-10 00:00:00

cve

CVE-2014-0094

2014-03-11 13:00:00

CVE-2014-0112

2014-04-29 10:37:00

CVE-2014-0113

2014-04-29 10:37:00

ubuntucve

CVE-2014-0113

2014-04-29 00:00:00

CVE-2014-0112

2014-04-29 00:00:00

veracode

Class Loader Manipulation With CookieInterceptor

2014-06-06 18:13:23

jvn

JVN#19294237: Apache Struts vulnerable to ClassLoader manipulation

2014-04-25 00:00:00

zdt

Apache Struts ClassLoader Manipulation Remote Code Execution Exploit

2014-05-03 00:00:00

Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution Exploit

2017-03-23 00:00:00

packetstorm

Apache Struts ClassLoader Manipulation Remote Code Execution

2014-05-02 00:00:00

huawei

Security Advisory-Apache Struts2 vulnerability on Huawei multiple products

2014-07-07 00:00:00

securityvulns

[ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114

2014-05-02 00:00:00

Apache Struts multiple security vulnerabilities

2014-05-07 00:00:00

[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact

2014-05-02 00:00:00

threatpost

VMware Patches Apache Struts Flaws in vCOPS

2014-06-25 13:59:49

vmware

VMware product updates address security vulnerabilities in Apache Struts library

2014-06-24 00:00:00

VMware product updates address security vulnerabilities in Apache Struts library

2014-06-24 00:00:00

checkpoint_advisories

Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094; CVE-2014-0112; CVE-2014-0113; CVE-2014-0114)

2014-04-25 00:00:00

rapid7blog

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

2022-03-30 22:33:54

oracle

Oracle Critical Patch Update - April 2015

2015-04-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.971 High

EPSS

Percentile

99.8%

JSON

Related for UB:CVE-2014-0094