Lucene search
VMwareVMSA-2014-0007HistoryJun 24, 2014 - 12:00 a.m.
VMware product updates address security vulnerabilities in Apache Struts library
2014-06-2400:00:00
www.vmware.com
52
0.974 High
EPSS
Percentile
99.9%
The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues.
CVE-2014-0112 may lead to remote code execution. This issue was found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112 may lead to remote code execution without authentication.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base article 2081470.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
Related
threatpost
threatpost
VMware Patches Apache Struts Flaws in vCOPS
2014-06-25 13:59:49
nessus
nessus
ibm
ibm
Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library
2018-06-18 00:08:33
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
prion
prion
Design/Logic Flaw
2014-04-29 10:37:00
Security feature bypass
2014-03-11 13:00:00
Design/Logic Flaw
2014-04-01 06:27:00
jvn
jvn
JVN#19294237: Apache Struts vulnerable to ClassLoader manipulation
2014-04-25 00:00:00
cve
cve
ubuntucve
ubuntucve
osv
osv
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:16
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
Commons FileUpload Denial of service vulnerability
2018-12-21 17:51:42
github
github
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:16
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
Commons FileUpload Denial of service vulnerability
2018-12-21 17:51:42
openvas
openvas
packetstorm
packetstorm
Apache Struts ClassLoader Manipulation Remote Code Execution
2014-05-02 00:00:00
zdt
zdt
Apache Struts ClassLoader Manipulation Remote Code Execution Exploit
2014-05-03 00:00:00
Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution Exploit
2017-03-23 00:00:00
Apache Commons FileUpload and Apache Tomcat Denial of Service
2014-02-12 00:00:00
securityvulns
securityvulns
Apache Struts multiple security vulnerabilities
2014-05-07 00:00:00
huawei
huawei
Security Advisory-Apache Struts2 vulnerability on Huawei multiple products
2014-07-07 00:00:00
f5
f5
SOL15262 - Apache Struts vulnerability CVE-2014-0113
2014-05-15 00:00:00
SOL15261 - Apache Struts vulnerability CVE-2014-0112
2014-05-15 00:00:00
SOL14933 - Apache Struts vulnerability CVE-2013-2251
2014-01-20 00:00:00
checkpoint_advisories
checkpoint_advisories
hackerone
hackerone
U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website
2016-12-19 23:00:16
cert
cert
atlassian
atlassian
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
seebug
seebug
Apache Commons FileUpload/Apache Tomcat拒绝服务漏洞
2014-02-13 00:00:00
Apache Struts ClassLoader操作漏洞
2014-03-10 00:00:00
Apache Commons FileUpload and Apache Tomcat - Denial-of-Service
2014-07-01 00:00:00
veracode
veracode
Denial Of Service (DoS) By An Infinite Loop Causing CPU Consumption
2019-01-15 08:58:15
Class Loader Manipulation With CookieInterceptor
2014-06-06 18:13:23
debian
debian
[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update
2014-02-07 22:59:08
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
debiancve
debiancve
CVE-2014-0050
2014-04-01 06:27:00
mageia
mageia
Updated tomcat packages fix CVE-2014-0050
2014-02-28 22:59:29
Updated apache-commons-fileupload package fixes CVE-2014-0050
2014-02-28 22:57:52
fedora
fedora
[SECURITY] Fedora 20 Update: apache-commons-fileupload-1.3-5.fc20
2014-02-17 21:06:10
[SECURITY] Fedora 19 Update: apache-commons-fileupload-1.3-5.fc19
2014-02-17 21:07:04
tomcat
tomcat
Fixed in Apache Tomcat 8.0.3
2014-02-11 00:00:00
Fixed in Apache Tomcat 7.0.52
2014-02-17 00:00:00
exploitpack
exploitpack
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00
redhat
redhat
(RHSA-2014:0253) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update
2014-03-05 00:00:00
(RHSA-2014:0252) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update
2014-03-05 18:50:05
(RHSA-2019:0910) Important: Red Hat Fuse 7.3 security update
2019-04-30 15:17:04
suse
suse
Security update for jakarta-commons-fileupload (important)
2014-04-17 21:04:15
amazon
amazon
Medium: tomcat7
2014-03-24 23:36:00
Medium: tomcat6
2014-05-21 10:45:00
exploitdb
exploitdb
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00
gentoo
gentoo
Apache Commons FileUpload: Multiple vulnerabilities
2021-07-17 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
tomcat security update
2014-07-20 00:00:00
tomcat6 security and bug fix update
2014-07-09 00:00:00
centos
centos
tomcat6 security update
2014-04-23 19:07:14
tomcat6 security update
2014-07-09 16:09:49
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
rapid7blog
rapid7blog
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
2022-03-30 22:33:54