var-201404-0286
Vulnerability from variot

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:

A minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description:

This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jackson-databind: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

  • struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)

  • jetty: HTTP request smuggling (CVE-2017-7657)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/

  1. Bugs fixed (https://bugzilla.redhat.com/):

1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters 1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper 1595620 - CVE-2017-7657 jetty: HTTP request smuggling

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


               VMware Security Advisory

Advisory ID: VMSA-2014-0007 Synopsis: VMware product updates address security vulnerabilities in Apache Struts library Issue date: 2014-06-24 Updated on: 2014-06-24 (Initial Advisory) CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112


  1. Summary

    VMware product updates address security vulnerabilities in Apache Struts library

  2. Relevant releases

    VMware vCenter Operations Management Suite prior to 5.8.2

  3. Problem Description

a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2014-0050, CVE-2014-0094, and
  CVE-2014-0112 to these issues.

  CVE-2014-0112 may lead to remote code execution. This issue was 
  found to be only partially addressed in CVE-2014-0094.

  CVE-2014-0050 may lead to a denial of service condition.

  vCenter Operations Management Suite (vCOps) is affected by both 
  CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112
  may lead to remote code execution without authentication.

  vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not 
  by CVE-2014-0112.

  Workaround

  A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
  article 2081470.


  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running Replace with/
  Product        Version    on  Apply Patch
  =============  =======    ======= =================
  vCOPS      5.8.x  any     vCOPS 5.8.2
  vCOPS          5.7.x      any     patch pending *

  vCO            5.5        any     patch pending
  vCO            5.1        any     patch pending
  vCO            4.2        any     patch pending

  *Customers are advised to apply the workaround or update to vCOps

5.8.2.

  1. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

vCenter Operations Management Suite 5.8.2


Downloads and Documentation: https://www.vmware.com/go/download-vcops

  1. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

http://kb.vmware.com/kb/2081470


  1. Change log

2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.


  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8

wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM CZ5+DYZAydCjMwVgtKqoo7Y= =Vwu5 -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0286",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "struts",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.0"
      },
      {
        "model": "struts",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.16.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.0.0 to 2.3.16.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 for x86(32bit)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 for x86_64(64bit)"
      },
      {
        "model": "cloud infrastructure management software",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "integrated system ha database ready",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business analytics modeling server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business process manager analytics"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "extreme transaction processing server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "mobile manager"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage interaction manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage service integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "serverview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "resource orchestrator"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "analytics server"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "server"
      },
      {
        "model": "systemwalker service catalog manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker service quality coordinator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "triole",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "cloudmiddleset b set"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.4.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.16.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.15"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.16.2",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0112",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2014-000045",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0112",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0112",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2014-000045",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-445",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0112",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:\n\nA minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Description:\n\nThis release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse\n7.2, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* jackson-databind: A deserialization flaw was discovered in the\njackson-databind which could allow an unauthenticated user to perform code\nexecution by sending the maliciously crafted input to the readValue method\nof the ObjectMapper. (CVE-2017-7525)\n\n* struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)\n\n* jetty: HTTP request smuggling (CVE-2017-7657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.3.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters\n1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper\n1595620 - CVE-2017-7657 jetty: HTTP request smuggling\n\n5. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID: VMSA-2014-0007\nSynopsis:    VMware product updates address security vulnerabilities in \n             Apache Struts library \nIssue date:  2014-06-24\nUpdated on:  2014-06-24 (Initial Advisory)\nCVE number:  CVE-2014-0050, CVE-2014-0094, CVE-2014-0112\n- ------------------------------------------------------------------------\n\n1. Summary\n\n    VMware product updates address security vulnerabilities in Apache \n    Struts library\n\n2. Relevant releases\n\n    VMware vCenter Operations Management Suite prior to 5.8.2\n\n3. Problem Description\n\n   a. The Apache Struts library is updated to version 2.3.16.2 to \n      address multiple security issues. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the names CVE-2014-0050, CVE-2014-0094, and\n      CVE-2014-0112 to these issues. \n\n      CVE-2014-0112 may lead to remote code execution. This issue was \n      found to be only partially addressed in CVE-2014-0094. \n\n      CVE-2014-0050 may lead to a denial of service condition. \n\n      vCenter Operations Management Suite (vCOps) is affected by both \n      CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112\n      may lead to remote code execution without authentication. \n\n      vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n      by CVE-2014-0112. \n\n      Workaround\n\n      A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n      article 2081470. \n\n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product\tRunning\tReplace with/\n      Product        Version\ton\tApply Patch\n      =============  =======\t=======\t=================\n      vCOPS\t     5.8.x \tany \tvCOPS 5.8.2\n      vCOPS          5.7.x      any     patch pending *\n\n      vCO            5.5        any     patch pending\n      vCO            5.1        any     patch pending\n      vCO            4.2        any     patch pending\n\n      *Customers are advised to apply the workaround or update to vCOps\n5.8.2. \n\n4. Solution\n\n   Please review the patch/release notes for your product and version \n   and verify the checksum of your downloaded file. \n\n   vCenter Operations Management Suite 5.8.2\n   -----------------------------------------\n   Downloads and Documentation:\n   https://www.vmware.com/go/download-vcops\n   \n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112\n\n   http://kb.vmware.com/kb/2081470\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n   2014-06-24 VMSA-2014-0007\n   Initial security advisory in conjunction with the release of vCenter\n   Operations Management Suite 5.8.2 on 2014-06-24. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM\nCZ5+DYZAydCjMwVgtKqoo7Y=\n=Vwu5\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142",
        "trust": 0.2,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0112",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN19294237",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "67064",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "127215",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "59500",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59178",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#719225",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152687",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1493",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445",
        "trust": 0.6
      },
      {
        "db": "EXPLOITDB",
        "id": "33142",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "id": "VAR-201404-0286",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1875
  },
  "last_update_date": "2024-04-19T20:14:12.803000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Announcements - 2013 24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigation",
        "trust": 0.8,
        "url": "http://struts.apache.org/announce.html#a20140424"
      },
      {
        "title": "Security Bulletins S2-020",
        "trust": 0.8,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
      },
      {
        "title": "Security Bulletins S2-021",
        "trust": 0.8,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html"
      },
      {
        "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2",
        "trust": 0.8,
        "url": "http://struts.apache.org/download.cgi#struts23162"
      },
      {
        "title": "struts-1.2.9-4jpp.8.AXS3 ",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3678\u0026stype=\u0026sproduct=\u0026published=1"
      },
      {
        "title": "Interstage Application Development Cycle Manager(ADM): Apache Struts vulnerable (CVE-2014-0094)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html"
      },
      {
        "title": "CVE-2014-0094, CVE-2014-0114: Apache Struts vulnerable to ClassLoader manipulation",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve2014-0094-0114e.html"
      },
      {
        "title": "Interstage Business Process Manager Analytics, Systemwalker Service Quality Coordinator: Vulnerability of allowing attackers to \"manipulate\" the ClassLoader (CVE-2014-0094). May 20th, 2014",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/interstage-bpma201401e.html"
      },
      {
        "title": "Symfoware Server (Open Interface) : Security vulnerabilities of Struts (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
      },
      {
        "title": "Interstage Interaction Manager: Struts1 vulnerability (CVE-2014-0094)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_im_201401.html"
      },
      {
        "title": "Interstage Mobile Manager: Struts1 vulnerability (CVE-2014-0094)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_mm_201401.html"
      },
      {
        "title": "FUJITSU Integrated System HA Database Ready: Struts2 vulnerabilities (CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
      },
      {
        "title": "1680848",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
      },
      {
        "title": "1681190",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
      },
      {
        "title": "2081470",
        "trust": 0.8,
        "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2081470"
      },
      {
        "title": "NV15-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Bug 1091939",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939"
      },
      {
        "title": "Huawei-SA-20140707-01-Struts2",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "Alert/Advisory: Multiple Vulnerabilities in Apache Struts on Trend Micro Products",
        "trust": 0.8,
        "url": "http://esupport.trendmicro.com/solution/ja-jp/1103321.aspx"
      },
      {
        "title": "VMSA-2014-0007",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
      },
      {
        "title": "Red Hat: Important: Red Hat Fuse 7.3 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190910 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-0112",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0112"
      },
      {
        "title": "VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts library",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=3f8f92a767d3e2773247be2d5077cbee"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "strutt-cve-2014-0114",
        "trust": 0.1,
        "url": "https://github.com/anob3it/strutt-cve-2014-0114 "
      },
      {
        "title": "-maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/nagauker/-maven-security-versions "
      },
      {
        "title": "maven-security-versions-Travis",
        "trust": 0.1,
        "url": "https://github.com/klee94/maven-security-versions-travis "
      },
      {
        "title": "maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/victims/maven-security-versions "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/tmpgit3000/victims "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/alexsh88/victims "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jvn.jp/en/jp/jvn19294237/index.html"
      },
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:0910"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/67064"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
      },
      {
        "trust": 1.7,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000045"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939"
      },
      {
        "trust": 1.7,
        "url": "https://cwiki.apache.org/confluence/display/ww/s2-021"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59500"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59178"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0112"
      },
      {
        "trust": 0.8,
        "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/719225"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152687/red-hat-security-advisory-2019-0910-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80006"
      },
      {
        "trust": 0.3,
        "url": "http://struts.apache.org/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0112"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/33142/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38390"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/html-single/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7525"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.3.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2081470"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/download-vcops"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "BID",
        "id": "67064"
      },
      {
        "date": "2014-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "date": "2019-04-30T16:20:15",
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "date": "2014-06-25T21:34:12",
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "date": "2014-04-29T10:37:03.670000",
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "date": "2015-04-16T18:14:00",
        "db": "BID",
        "id": "67064"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "date": "2019-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "date": "2019-08-12T21:15:12.360000",
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Struts vulnerable to ClassLoader manipulation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.