jvndb-2014-000045
Vulnerability from jvndb
Published
2014-04-25 15:37
Modified
2015-05-08 18:01
Severity ?
() - -
Summary
Apache Struts vulnerable to ClassLoader manipulation
Details
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN19294237/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
IPA SECURITY ALERTS http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html
CERT-VN http://www.kb.cert.org/vuls/id/719225
Related document http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/
No Mapping(CWE-DesignError) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Apache Software FoundationApache Struts
FUJITSUCloud Infrastructure Management Software
FUJITSUFUJITSU Integrated System HA Database Ready
FUJITSUInterstage
FUJITSUInterstage Application Development Cycle Manager
FUJITSUInterstage Application Framework Suite
FUJITSUInterstage Application Server
FUJITSUInterstage Apworks
FUJITSUInterstage Business Application Server
FUJITSUInterstage Interaction Manager
FUJITSUInterstage Job Workload Server
FUJITSUInterstage Service Integrator
FUJITSUInterstage Studio
FUJITSUServerView
FUJITSUSymfoware
FUJITSUSystemwalker Service Catalog Manager
FUJITSUSystemwalker Service Quality Coordinator
FUJITSUSystemwalker Software Configuration Manager
FUJITSUTRIOLE
Cybertrust Japan Co., Ltd.Asianux Server
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html",
  "dc:date": "2015-05-08T18:01+09:00",
  "dcterms:issued": "2014-04-25T15:37+09:00",
  "dcterms:modified": "2015-05-08T18:01+09:00",
  "description": "Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated.\r\n\r\nNTT-CERT reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:struts",
      "@product": "Apache Struts",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
      "@product": "Cloud Infrastructure Management Software",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
      "@product": "FUJITSU Integrated System HA Database Ready",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage",
      "@product": "Interstage",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
      "@product": "Interstage Application Development Cycle Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_interaction_manager",
      "@product": "Interstage Interaction Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_service_integrator",
      "@product": "Interstage Service Integrator",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:serverview",
      "@product": "ServerView",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:symfoware",
      "@product": "Symfoware",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
      "@product": "Systemwalker Service Catalog Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
      "@product": "Systemwalker Service Quality Coordinator",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
      "@product": "Systemwalker Software Configuration Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:triole",
      "@product": "TRIOLE",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000045",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN19294237/index.html",
      "@id": "JVN#19294237",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094",
      "@id": "CVE-2014-0094",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112",
      "@id": "CVE-2014-0112",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094",
      "@id": "CVE-2014-0094",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112",
      "@id": "CVE-2014-0112",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html",
      "@id": "[Updated] Security Alert for Vulnerability in the \"Apache Struts2\" (CVE-2014-0094)(S2-020)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/719225",
      "@id": "VU#719225",
      "@source": "CERT-VN"
    },
    {
      "#text": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/",
      "@id": "Ver 7.3.0.0 - What\u2019s New?",
      "@source": "Related document"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-DesignError",
      "@title": "No Mapping(CWE-DesignError)"
    }
  ],
  "title": "Apache Struts vulnerable to ClassLoader manipulation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.