CVE-2014-0116
https://notcve.org/view.php?id=CVE-2014-0116
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. CookieInterceptor en Apache Struts versiones 2.x anteriores a 2.3.20, cuando un valor de cookiesName comodín es usado, no restringe apropiadamente el acceso al método getClass, lo que permite a atacantes remotos "manipulate" el ClassLoader y modificar el estado de la sesión por medio de una petición diseñada. NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta de CVE-2014-0113. • http://secunia.com/advisories/59816 http://struts.apache.org/release/2.3.x/docs/s2-022.html http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/67218 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0114 – Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Apache Commons BeanUtils, según se distribuye en lib/commons-beanutils-1.8.0.jar en Apache Struts 1.x hasta la versión 1.3.10 y en otros productos que requieren commons-beanutils hasta la versión 1.9.2, no suprime la propiedad class, lo que permite a atacantes remotos "manipular" el ClassLoader y ejecutar código arbitrario a través del parámetro class, según lo demostrado por el paso de este parámetro al método getClass del objeto ActionForm en Struts 1. OSCAR EMR version 15.21beta361 suffers from remote code execution, cross site request forgery, cross site scripting, denial of service, deserialization, remote SQL injection, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/41690 http://advisories.mageia.org/MGASA-2014-0219.html http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html http://marc.info/?l=bugtraq&m=140119284401582&w=2 http://marc.info/?l=bugtraq&m=140801096002766&w= • CWE-20: Improper Input Validation CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVE-2014-0113 – Apache Struts - ClassLoader Manipulation Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. CookieInterceptor en Apache Struts versiones anteriores a 2.3.20, cuando un valor de cookiesName comodín es usado, no restringe correctamente el acceso al método getClass, lo que permite a atacantes remotos "manipulate" el ClassLoader y ejecutar código arbitrario por medio de una petición diseñada. NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta de CVE-2014-0094. • https://www.exploit-db.com/exploits/33142 http://secunia.com/advisories/59178 http://www-01.ibm.com/support/docview.wss?uid=swg21676706 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/archive/1/531952/100/0/threaded https://cwiki.apache.org/confluence/display/WW/S2-021 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0112 – Apache Struts - ClassLoader Manipulation Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. ParametersInterceptor en Apache Struts versiones anteriores a 2.3.20, no restringe apropiadamente el acceso al método getClass, lo que permite a atacantes remotos "manipulate" el ClassLoader y ejecutar código arbitrario por medio de una petición diseñada. NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta de CVE-2014-0094. • https://www.exploit-db.com/exploits/33142 https://www.exploit-db.com/exploits/41690 http://jvn.jp/en/jp/JVN19294237/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045 http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html http://secunia.com/advisories/59178 http://secunia.com/advisories/59500 http://www-01.ibm.com/support/docview.wss?uid=swg21676706 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0094 – Apache Struts - ClassLoader Manipulation Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. ParametersInterceptor en Apache Struts versiones anteriores a 2.3.16.2, permite a atacantes remotos "manipulate" el ClassLoader por medio del parámetro class, que se pasa al método getClass. • https://www.exploit-db.com/exploits/33142 https://www.exploit-db.com/exploits/41690 https://github.com/y0d3n/CVE-2014-0094 https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1 http://jvn.jp/en/jp/JVN19294237/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045 http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html http://secunia.com/advisories/56440 http://secunia.com/advisories/59178 http://struts.apache.org/release/2. •