var-201404-0287
Vulnerability from variot
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0287", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "lt", "trust": 1.8, "vendor": "apache", "version": "2.3.16.2" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "5.0" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "4.5" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "4.0" }, { "model": "struts", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.8" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.16" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.2" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.1" }, { "model": "connections", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.16" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.10" }, { "model": "esmpro/servermanager", "scope": "lte", "trust": 0.8, "vendor": "nec", "version": "ver5.75" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "security risk management v1.0.0 to v2.1.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager enterprise v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager lite v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager standard v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v6.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v8.2 to v8.4 (with developers studio only )\"" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v9.1 to v9.2 (with developers studio only )\"" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.3 to v8.4" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v9.1" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.3" }, { "model": "keybox", "scope": "eq", "trust": 0.3, "vendor": "skavanagh", "version": "2.10.02" }, { "model": "ec2box", "scope": "eq", "trust": 0.3, "vendor": "skavanagh", "version": "0.11.01" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.10" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.16" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.15" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.14" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.13" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3" }, { "model": "sterling web channel", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sterling web channel", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.1" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sterling order management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.1" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.00" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.10" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.3" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.2" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.2" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.1" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.3" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "5.0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.41" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "keybox", "scope": "ne", "trust": 0.3, "vendor": "skavanagh", "version": "2.10.03" }, { "model": "ec2box", "scope": "ne", "trust": 0.3, "vendor": "skavanagh", "version": "0.11.02" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.2" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.6" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.4" }, { "model": "struts", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.3.16.2" } ], "sources": [ { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.16.2", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0113" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Taki Uchiyama, Takeshi Terada, Takayoshi Isayama, Yoshiyuki Karezaki, BAKA/ty, \nShine, NSFOCUS Security Team and heige.", "sources": [ { "db": "BID", "id": "67081" } ], "trust": 0.3 }, "cve": "CVE-2014-0113", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-0113", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0113", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-570", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0113", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation (manipulate)\" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.1 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "BID", "id": "67081" }, { "db": "VULMON", "id": "CVE-2014-0113" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0113", "trust": 2.8 }, { "db": "SECUNIA", "id": "59178", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2014-002269", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201404-570", "trust": 0.6 }, { "db": "BID", "id": "67081", "trust": 0.3 }, { "db": "EXPLOITDB", "id": "33142", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0113", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "id": "VAR-201404-0287", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2023-12-18T11:41:25.261000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Bulletins S2-021", "trust": 0.8, "url": "https://cwiki.apache.org/confluence/display/ww/s2-021" }, { "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2", "trust": 0.8, "url": "http://struts.apache.org/download.cgi#struts23162" }, { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "NV15-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "struts-2.3.16.2-all", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49668" }, { "title": "Red Hat: CVE-2014-0113", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0113" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "trust": 1.7, "url": "https://cwiki.apache.org/confluence/display/ww/s2-021" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59178" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0113" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0113" }, { "trust": 0.3, "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc" }, { "trust": 0.3, "url": "https://github.com/skavanagh/ec2box/releases/tag/v0.11.02" }, { "trust": 0.3, "url": "https://github.com/skavanagh/keybox/releases/tag/v2.10.03" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020896" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020893" }, { "trust": 0.3, "url": "http://struts.apache.org/development/2.x/docs/s2-021.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020894" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020895" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33975" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/victims/maven-security-versions" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/33142/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-29T00:00:00", "db": "VULMON", "id": "CVE-2014-0113" }, { "date": "2014-04-28T00:00:00", "db": "BID", "id": "67081" }, { "date": "2014-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "date": "2014-04-29T10:37:03.700000", "db": "NVD", "id": "CVE-2014-0113" }, { "date": "2014-04-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0113" }, { "date": "2015-05-07T17:38:00", "db": "BID", "id": "67081" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "date": "2019-08-12T21:15:12.563000", "db": "NVD", "id": "CVE-2014-0113" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-570" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-570" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.