CVE-2014-0114 – Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution

https://notcve.org/view.php?id=CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Apache Commons BeanUtils, según se distribuye en lib/commons-beanutils-1.8.0.jar en Apache Struts 1.x hasta la versión 1.3.10 y en otros productos que requieren commons-beanutils hasta la versión 1.9.2, no suprime la propiedad class, lo que permite a atacantes remotos "manipular" el ClassLoader y ejecutar código arbitrario a través del parámetro class, según lo demostrado por el paso de este parámetro al método getClass del objeto ActionForm en Struts 1. OSCAR EMR version 15.21beta361 suffers from remote code execution, cross site request forgery, cross site scripting, denial of service, deserialization, remote SQL injection, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/41690 http://advisories.mageia.org/MGASA-2014-0219.html http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html http://marc.info/?l=bugtraq&m=140119284401582&w=2 http://marc.info/?l=bugtraq&m=140801096002766&w= • CWE-20: Improper Input Validation CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •