Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0114
HistoryApr 30, 2014 - 12:00 a.m.

CVE-2014-0114

2014-04-3000:00:00
ubuntu.com
ubuntu.com
44

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar
in Apache Struts 1.x through 1.3.10 and in other products requiring
commons-beanutils through 1.9.2, does not suppress the class property,
which allows remote attackers to “manipulate” the ClassLoader and execute
arbitrary code via the class parameter, as demonstrated by the passing of
this parameter to the getClass method of the ActionForm object in Struts 1.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcommons-beanutils< 1.9.3-1ubuntu0.1~esm1UNKNOWN
ubuntu14.04noarchcommons-beanutils< 1.9.1-1ubuntu0.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchcommons-beanutils< 1.9.2-3ubuntu0.1~esm1UNKNOWN
ubuntu12.04noarchlibstruts1.2-java< 1.2.9-5+deb7u1build0.12.04.1UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%