CVE-2014-0094

EPSS 93.13%
Veröffentlicht 11.03.2014 13:00:37
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 18

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Struts Version >= 2.0.0 < 2.3.16.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.13%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Third Party Advisory

http://jvn.jp/en/jp/JVN19294237/index.html

Third Party Advisory

VDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045

Third Party Advisory

VDB Entry

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

Third Party Advisory

VDB Entry

http://secunia.com/advisories/56440

Vendor Advisory

http://secunia.com/advisories/59178

Permissions Required

http://struts.apache.org/release/2.3.x/docs/s2-020.html

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

Third Party Advisory

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

Third Party Advisory

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

Third Party Advisory

http://www.securityfocus.com/archive/1/531362/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/532549/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/65999

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1029876

Third Party Advisory

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-0094

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0094

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0094

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-0094