CVE-2014-0114

Apache Struts ClassLoader Manipulation Remote Code Execution

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Apache Commons BeanUtils, según se distribuye en lib/commons-beanutils-1.8.0.jar en Apache Struts 1.x hasta la versión 1.3.10 y en otros productos que requieren commons-beanutils hasta la versión 1.9.2, no suprime la propiedad class, lo que permite a atacantes remotos "manipular" el ClassLoader y ejecutar código arbitrario a través del parámetro class, según lo demostrado por el paso de este parámetro al método getClass del objeto ActionForm en Struts 1.

OSCAR EMR version 15.21beta361 suffers from remote code execution, cross site request forgery, cross site scripting, denial of service, deserialization, remote SQL injection, and path traversal vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-12-03 CVE Reserved
2014-03-06 First Exploit
2014-04-29 CVE Published
2024-01-25 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CAPEC

References (126)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2014-0219.html	X_refsource_confirm
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html	Mailing List
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt	X_refsource_confirm
http://openwall.com/lists/oss-security/2014/06/15/10	Mailing List
http://openwall.com/lists/oss-security/2014/07/08/1	Mailing List
http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List
http://secunia.com/advisories/57477	Third Party Advisory
http://secunia.com/advisories/58710	Third Party Advisory
http://secunia.com/advisories/58851	Third Party Advisory
http://secunia.com/advisories/58947	Third Party Advisory
http://secunia.com/advisories/59014	Third Party Advisory
http://secunia.com/advisories/59118	Third Party Advisory
http://secunia.com/advisories/59228	Third Party Advisory
http://secunia.com/advisories/59245	Third Party Advisory
http://secunia.com/advisories/59246	Third Party Advisory
http://secunia.com/advisories/59430	Third Party Advisory
http://secunia.com/advisories/59464	Third Party Advisory
http://secunia.com/advisories/59479	Third Party Advisory
http://secunia.com/advisories/59480	Third Party Advisory
http://secunia.com/advisories/59704	Third Party Advisory
http://secunia.com/advisories/59718	Third Party Advisory
http://secunia.com/advisories/60177	Third Party Advisory
http://secunia.com/advisories/60703	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21674128	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21674812	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675266	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675387	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675689	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675898	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675972	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676091	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676110	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676303	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676375	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676931	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21677110	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27042296	X_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21675496	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	X_refsource_confirm
http://www.securityfocus.com/archive/1/534161/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/67121	Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2014-0008.html	X_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	X_refsource_confirm
https://access.redhat.com/solutions/869353	X_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1116665	X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755	X_refsource_confirm
https://issues.apache.org/jira/browse/BEANUTILS-463	X_refsource_confirm
https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E	X_refsource_misc
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E	Mailing List
https://security.netapp.com/advisory/ntap-20140911-0001	X_refsource_confirm
https://security.netapp.com/advisory/ntap-20180629-0006	X_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	X_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	X_refsource_misc
http://www.pwntester.com/blog/2014/04/24/struts2-0day-in-the-wild
http://struts.apache.org/release/2.3.x/docs/s2-020.html
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Update-your-Struts-1-ClassLoader-manipulation-filters/ba-p/6639204
https://github.com/rgielen/struts1filter/tree/develop

URL	Date	SRC
https://www.exploit-db.com/exploits/41690	2014-03-06
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/struts_code_exec_classloader.rb	2014-03-06

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html	2023-02-13
http://marc.info/?l=bugtraq&m=140119284401582&w=2	2023-02-13
http://marc.info/?l=bugtraq&m=140801096002766&w=2	2023-02-13
http://marc.info/?l=bugtraq&m=141451023707502&w=2	2023-02-13
http://www.debian.org/security/2014/dsa-2940	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2014:095	2023-02-13
https://access.redhat.com/errata/RHSA-2018:2669	2023-02-13
https://access.redhat.com/errata/RHSA-2019:2995	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=1091938	2019-10-10
https://security.gentoo.org/glsa/201607-09	2023-02-13
https://access.redhat.com/security/cve/CVE-2014-0114	2019-10-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Commons Beanutils Search vendor "Apache" for product "Commons Beanutils"				<= 1.9.1 Search vendor "Apache" for product "Commons Beanutils" and version " <= 1.9.1"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.0 Search vendor "Apache" for product "Struts" and version "1.0"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.0.2 Search vendor "Apache" for product "Struts" and version "1.0.2"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.1 Search vendor "Apache" for product "Struts" and version "1.1"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.1 Search vendor "Apache" for product "Struts" and version "1.1"		b1		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.1 Search vendor "Apache" for product "Struts" and version "1.1"		b2		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.1 Search vendor "Apache" for product "Struts" and version "1.1"		b3		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.1 Search vendor "Apache" for product "Struts" and version "1.1"		rc1		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.1 Search vendor "Apache" for product "Struts" and version "1.1"		rc2		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.2.2 Search vendor "Apache" for product "Struts" and version "1.2.2"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.2.4 Search vendor "Apache" for product "Struts" and version "1.2.4"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.2.6 Search vendor "Apache" for product "Struts" and version "1.2.6"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.2.7 Search vendor "Apache" for product "Struts" and version "1.2.7"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.2.8 Search vendor "Apache" for product "Struts" and version "1.2.8"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.2.9 Search vendor "Apache" for product "Struts" and version "1.2.9"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.3.5 Search vendor "Apache" for product "Struts" and version "1.3.5"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.3.8 Search vendor "Apache" for product "Struts" and version "1.3.8"		-		Affected
Apache Search vendor "Apache"		Struts Search vendor "Apache" for product "Struts"				1.3.10 Search vendor "Apache" for product "Struts" and version "1.3.10"		-		Affected