// For flags

CVE-2014-0112

Apache Struts - ClassLoader Manipulation Remote Code Execution

Severity Score

7.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

ParametersInterceptor en Apache Struts versiones anteriores a 2.3.20, no restringe apropiadamente el acceso al método getClass, lo que permite a atacantes remotos "manipulate" el ClassLoader y ejecutar código arbitrario por medio de una petición diseñada. NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta de CVE-2014-0094.

This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a deserialization vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-12-03 CVE Reserved
  • 2014-03-06 First Exploit
  • 2014-04-29 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-04-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (20)
URL Tag Source
http://jvn.jp/en/jp/JVN19294237/index.html Third Party Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045 Third Party Advisory
http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676706 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html Third Party Advisory
http://www.securityfocus.com/archive/1/531952/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/532549/100/0/threaded Mailing List
http://www.securityfocus.com/bid/67064 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0007.html Third Party Advisory
http://www.pwntester.com/blog/2014/04/24/struts2-0day-in-the-wild
http://struts.apache.org/release/2.3.x/docs/s2-020.html
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Update-your-Struts-1-ClassLoader-manipulation-filters/ba-p/6639204
https://github.com/rgielen/struts1filter/tree/develop
URL Date SRC
https://packetstorm.news/files/id/126445 2014-05-02
https://www.exploit-db.com/exploits/33142 2014-05-02
https://www.exploit-db.com/exploits/41690 2014-03-06
URL Date SRC
https://cwiki.apache.org/confluence/display/WW/S2-021 2019-08-12
URL Date SRC
https://access.redhat.com/errata/RHSA-2019:0910 2019-08-12
https://bugzilla.redhat.com/show_bug.cgi?id=1091939 2019-04-30
https://access.redhat.com/security/cve/CVE-2014-0112 2019-04-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Struts
Search vendor "Apache" for product "Struts"
 >= 2.0.0 < 2.3.16.2
Search vendor "Apache" for product "Struts" and version " >= 2.0.0 < 2.3.16.2"
-
Affected