CVE - CVE-2014-0114

CVE-ID
CVE-2014-0114	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 MLIST:[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE URL:http://openwall.com/lists/oss-security/2014/06/15/10 MLIST:[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE URL:http://openwall.com/lists/oss-security/2014/07/08/1 MLIST:[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 URL:http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1091938 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676375 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676931 CONFIRM:http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt CONFIRM:https://access.redhat.com/solutions/869353 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1116665 CONFIRM:https://issues.apache.org/jira/browse/BEANUTILS-463 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676303 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676091 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0008.html CONFIRM:http://advisories.mageia.org/MGASA-2014-0219.html CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21675496 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21674128 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21674812 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675266 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675387 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675689 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675898 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676110 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg27042296 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675972 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677110 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:https://security.netapp.com/advisory/ntap-20140911-0001/ CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CONFIRM:https://security.netapp.com/advisory/ntap-20180629-0006/ CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html DEBIAN:DSA-2940 URL:http://www.debian.org/security/2014/dsa-2940 FEDORA:FEDORA-2014-9380 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html GENTOO:GLSA-201607-09 URL:https://security.gentoo.org/glsa/201607-09 HP:HPSBST03160 URL:http://marc.info/?l=bugtraq&m=141451023707502&w=2 HP:HPSBGN03041 URL:http://marc.info/?l=bugtraq&m=140119284401582&w=2 HP:HPSBMU03090 URL:http://marc.info/?l=bugtraq&m=140801096002766&w=2 MANDRIVA:MDVSA-2014:095 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:095 REDHAT:RHSA-2018:2669 URL:https://access.redhat.com/errata/RHSA-2018:2669 BID:67121 URL:http://www.securityfocus.com/bid/67121 SECUNIA:58851 URL:http://secunia.com/advisories/58851 SECUNIA:59014 URL:http://secunia.com/advisories/59014 SECUNIA:59704 URL:http://secunia.com/advisories/59704 SECUNIA:60177 URL:http://secunia.com/advisories/60177 SECUNIA:60703 URL:http://secunia.com/advisories/60703 SECUNIA:57477 URL:http://secunia.com/advisories/57477 SECUNIA:59245 URL:http://secunia.com/advisories/59245 SECUNIA:58947 URL:http://secunia.com/advisories/58947 SECUNIA:59118 URL:http://secunia.com/advisories/59118 SECUNIA:59228 URL:http://secunia.com/advisories/59228 SECUNIA:59246 URL:http://secunia.com/advisories/59246 SECUNIA:59430 URL:http://secunia.com/advisories/59430 SECUNIA:59464 URL:http://secunia.com/advisories/59464 SECUNIA:59479 URL:http://secunia.com/advisories/59479 SECUNIA:59480 URL:http://secunia.com/advisories/59480 SECUNIA:58710 URL:http://secunia.com/advisories/58710 SECUNIA:59718 URL:http://secunia.com/advisories/59718
Assigning CNA
N/A
Date Entry Created
20131203	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org