7.5

CVE-2014-0114

EPSS 92.32%
Published 30.04.2014 10:49:03
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Affected products Warnungen 0 Metrics 2 CWE 1 References 122

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Commons Beanutils Version <= 1.9.1

Apache ≫ Struts Version1.0

Apache ≫ Struts Version1.0.2

Apache ≫ Struts Version1.1

Apache ≫ Struts Version1.1 Updateb1

Apache ≫ Struts Version1.1 Updateb2

Apache ≫ Struts Version1.1 Updateb3

Apache ≫ Struts Version1.1 Updaterc1

Apache ≫ Struts Version1.1 Updaterc2

Apache ≫ Struts Version1.2.2

Apache ≫ Struts Version1.2.4

Apache ≫ Struts Version1.2.6

Apache ≫ Struts Version1.2.7

Apache ≫ Struts Version1.2.8

Apache ≫ Struts Version1.2.9

Apache ≫ Struts Version1.3.5

Apache ≫ Struts Version1.3.8

Apache ≫ Struts Version1.3.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	92.32%	0.997

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www.vmware.com/security/advisories/VMSA-2014-0008.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

http://secunia.com/advisories/59704

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

http://advisories.mageia.org/MGASA-2014-0219.html

http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html

http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html

http://marc.info/?l=bugtraq&m=140119284401582&w=2

http://marc.info/?l=bugtraq&m=140801096002766&w=2

http://marc.info/?l=bugtraq&m=141451023707502&w=2

http://openwall.com/lists/oss-security/2014/06/15/10

http://openwall.com/lists/oss-security/2014/07/08/1

http://secunia.com/advisories/57477

http://secunia.com/advisories/58710

http://secunia.com/advisories/58851

http://secunia.com/advisories/58947

http://secunia.com/advisories/59014

http://secunia.com/advisories/59118

http://secunia.com/advisories/59228

http://secunia.com/advisories/59245

http://secunia.com/advisories/59246

http://secunia.com/advisories/59430

http://secunia.com/advisories/59464

http://secunia.com/advisories/59479

http://secunia.com/advisories/59480

http://secunia.com/advisories/59718

http://secunia.com/advisories/60177

http://secunia.com/advisories/60703

http://www-01.ibm.com/support/docview.wss?uid=swg21674128

http://www-01.ibm.com/support/docview.wss?uid=swg21674812

http://www-01.ibm.com/support/docview.wss?uid=swg21675266

http://www-01.ibm.com/support/docview.wss?uid=swg21675387

http://www-01.ibm.com/support/docview.wss?uid=swg21675689

http://www-01.ibm.com/support/docview.wss?uid=swg21675898

http://www-01.ibm.com/support/docview.wss?uid=swg21675972

http://www-01.ibm.com/support/docview.wss?uid=swg21676110

http://www-01.ibm.com/support/docview.wss?uid=swg21676303

http://www-01.ibm.com/support/docview.wss?uid=swg21676375

http://www-01.ibm.com/support/docview.wss?uid=swg21676931

http://www-01.ibm.com/support/docview.wss?uid=swg21677110

http://www-01.ibm.com/support/docview.wss?uid=swg27042296

http://www.debian.org/security/2014/dsa-2940

http://www.ibm.com/support/docview.wss?uid=swg21675496

http://www.mandriva.com/security/advisories?name=MDVSA-2014:095

http://www.securityfocus.com/bid/67121

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2019:2995

https://access.redhat.com/solutions/869353

https://bugzilla.redhat.com/show_bug.cgi?id=1091938

https://bugzilla.redhat.com/show_bug.cgi?id=1116665

https://issues.apache.org/jira/browse/BEANUTILS-463

https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E

https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E

https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E

https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E

https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E

https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E

https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E

https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E

https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E

https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E

https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E

https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E

https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E

https://security.gentoo.org/glsa/201607-09

https://security.netapp.com/advisory/ntap-20140911-0001/

https://security.netapp.com/advisory/ntap-20180629-0006/

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://nvd.nist.gov/vuln/detail/CVE-2014-0114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0114

EUVD