CVE-2014-0114

Public exploit
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Max CVSS
7.5
EPSS Score
97.31%
Published
2014-04-30
Updated
2023-02-13

CVE-2014-0112

Public exploit
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
Max CVSS
7.5
EPSS Score
97.40%
Published
2014-04-29
Updated
2019-08-12

CVE-2014-0094

Public exploit
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Max CVSS
5.0
EPSS Score
97.09%
Published
2014-03-11
Updated
2019-08-12

CVE-2014-0050

Public exploit
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Max CVSS
7.5
EPSS Score
16.60%
Published
2014-04-01
Updated
2021-07-17
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!