The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues.
CVE-2014-0112 may lead to remote code execution. This issue was found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112 may lead to remote code execution without authentication.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base article 2081470.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.