Vulnerability Details : CVE-2014-0114
Public exploit exists!
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerability category: Input validation, Execute code
Products affected by CVE-2014-0114
- cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0114
- 97.27%: probability of exploitation activity in the next 30 days
- ~100%: percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-0114
- Apache Struts ClassLoader Manipulation Remote Code Execution
  Disclosure Date: 2014-03-06
  First seen: 2020-04-26
  Module: exploit/multi/http/struts_code_exec_classloader
  This module exploits a remote command execution vulnerability in Apache Struts versions 1.x (<= 1.3.10) and 2.x (< 2.3.16.2). In Struts 1.x the problem is related with the ActionForm bean population mechanism while in case of Struts 2.x the vulnerability is due to th
CVSS scores for CVE-2014-0114
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2014-0114
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0114
-
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
CVEs (vulnerabilities) that apply to Solr 8.4.1-Apache Mail Archives
-
https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E
[jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
http://secunia.com/advisories/59228
-
https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E
[jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E
[GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities-Apache Mail Archives
-
https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E
[commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.-Apache Mail Archives
-
http://marc.info/?l=bugtraq&m=140801096002766&w=2
'[security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arb' - MARC
-
https://access.redhat.com/solutions/869353
Does CVE-2014-0114 affect Struts 1 in Red Hat products? - Red Hat Customer Portal
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
HPSBGN03669 rev.2 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
-
https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E
[jira] [Updated] (BEANUTILS-520) Mitigate CVE-2014-0114-Apache Mail Archives
-
http://secunia.com/advisories/59464
-
https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E
[commons-configuration] branch master updated: [CONFIGURATION-755][CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.-Apache Mail Archives
-
http://secunia.com/advisories/59245
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676931
IBM Security Bulletin: Classloader Manipulation Vulnerability in Rational Change (CVE-2014-0114)
-
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
VMSA-2014-0012.1
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CPU Oct 2018
-
http://advisories.mageia.org/MGASA-2014-0219.html
Mageia Advisory: MGASA-2014-0219 - Updated struts packages fix CVE-2014-0114
-
https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E
[jira] [Resolved] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114-Apache Mail Archives
-
http://www-01.ibm.com/support/docview.wss?uid=swg21675387
IBM Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM Tivoli Identity Manager/IBM Security Identity Manager (CVE-2014-0114)
-
https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] garydgregory commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676303
IBM Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server shipped with IBM Content Collector (CVE-2014-0114)
-
https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] melloware commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Oracle Critical Patch Update - July 2014
-
https://security.gentoo.org/glsa/201607-09
Commons-BeanUtils: Arbitrary code execution (GLSA 201607-09) — Gentoo security
-
https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] chtompki commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E
Re: [beanutils2] CVE-2014-0114 Pull Request-Apache Mail Archives
-
https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] dguiney edited a comment on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] melloware opened a new pull request #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://openwall.com/lists/oss-security/2014/07/08/1
oss-security - Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE
-
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Oracle Critical Patch Update - January 2018
-
https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] dguiney commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E
[jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E
[GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended-Apache Mail Archives
-
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
VMSA-2014-0008.2
-
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Oracle Critical Patch Update - July 2019
-
https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E
[jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
http://secunia.com/advisories/58947
-
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html
Apache Ignite Developers - [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114
-
http://secunia.com/advisories/57477
-
https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E
[jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
http://secunia.com/advisories/59430
-
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report-Apache Mail Archives
-
https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E
[GitHub] [activemq-artemis] jeloba opened a new pull request #2820: Updated Apache BeanUtils to address CVE-Apache Mail Archives
-
http://marc.info/?l=bugtraq&m=140119284401582&w=2
'[security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remo' - MARC
-
http://www.mandriva.com/security/advisories?name=MDVSA-2014:095
mandriva.com
-
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Oracle Critical Patch Update - October 2014
-
http://openwall.com/lists/oss-security/2014/06/15/10
oss-security - CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE
-
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
Dependencies used by Drill contain known vulnerabilities-Apache Mail Archives
-
https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E
Build failed in Jenkins: commons-beanutils #75-Apache Mail Archives
-
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
[jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities-Apache Mail Archives
-
https://issues.apache.org/jira/browse/BEANUTILS-463
[BEANUTILS-463] Class loader vulnerability in DefaultResolver - ASF JIRA
-
https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E
[beanutils2] CVE-2014-0114 Pull Request-Apache Mail Archives
-
http://www-01.ibm.com/support/docview.wss?uid=swg21675898
IBM Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition
-
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
[jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities-Apache Mail Archives
-
http://secunia.com/advisories/59480
-
https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] melloware removed a comment on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://secunia.com/advisories/59118
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html
[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20
-
https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] ricardovdbroek commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://www.ibm.com/support/docview.wss?uid=swg21675496
IBM Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in IBM Global Security Kit (CVE-2014-0963) and in Apache Struts V1.x (CVE-2014-0114)
-
https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E
[jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E
[SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.-Apache Mail Archives
-
https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] melloware commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Oracle Critical Patch Update - October 2017
-
http://www-01.ibm.com/support/docview.wss?uid=swg21674812
IBM Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to ClassLoader manipulation vulnerability in Open Source Apache Struts version 1 (CVE-2014-0114)
-
http://seclists.org/fulldisclosure/2014/Dec/23
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
-
https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E
[jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.33
-
https://security.netapp.com/advisory/ntap-20140911-0001/
CVE-2014-0114 Apache Struts Class Suppression Vulnerability in Multiple NetApp Products | NetApp Product Security
-
https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E
[SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.-Apache Mail Archives
-
http://www-01.ibm.com/support/docview.wss?uid=swg21675972
IBM Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Web Interface for Content Management (WEBi)
-
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Oracle Critical Patch Update - April 2019
-
https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E
[jira] [Created] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114-Apache Mail Archives
-
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Oracle Critical Patch Update - January 2015
-
https://security.netapp.com/advisory/ntap-20180629-0006/
April 2018 Apache Struts Vulnerabilities in NetApp Products | NetApp Product Security
-
http://www-01.ibm.com/support/docview.wss?uid=swg21677110
IBM Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Provisioning Manager for Software (CVE-2014-0114)
-
http://secunia.com/advisories/59246
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Oracle Critical Patch Update - October 2016
-
http://www-01.ibm.com/support/docview.wss?uid=swg21675689
IBM notice: The page you requested cannot be displayed
-
http://secunia.com/advisories/59718
-
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Oracle Critical Patch Update - January 2019
-
https://access.redhat.com/errata/RHSA-2018:2669
RHSA-2018:2669 - Security Advisory - Red Hat Customer Portal
-
http://marc.info/?l=bugtraq&m=141451023707502&w=2
'[security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, R' - MARC
-
https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E
[commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)-Apache Mail Archives
-
http://secunia.com/advisories/59479
-
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
[jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.-Apache Mail Archives
-
https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] melloware commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E
[GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities-Apache Mail Archives
-
https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] melloware commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://www.securityfocus.com/bid/67121
Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
-
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SecurityFocus
-
https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E
[jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E
[jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114-Apache Mail Archives
-
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E
Re: CVEs (vulnerabilities) that apply to Solr 8.4.1-Apache Mail Archives
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676110
IBM Security Bulletin: ClassLoader manipulation with Apache Struts affecting InfoSphere Identity Insight (CVE-2014-0114)
-
http://www-01.ibm.com/support/docview.wss?uid=swg21675266
IBM Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM Records Manager, IBM Content Manager Records Enabler and WebSphere Application Server shipped with IBM Records Manager
-
https://bugzilla.redhat.com/show_bug.cgi?id=1116665
1116665 – (CVE-2014-3540) CVE-2014-3540 commons-beanutils: 'class' property is exposed, potentially leading to RCE
-
https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E
[SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.-Apache Mail Archives
-
https://bugzilla.redhat.com/show_bug.cgi?id=1091938
1091938 – (CVE-2014-0114) CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters
-
http://secunia.com/advisories/58710
-
http://www-01.ibm.com/support/docview.wss?uid=swg27042296
IBM A security issue exists in the Verity dashboard that is installed with IBM FileNet Content Search Engine 4.5.1 and IBM Legacy Content Search Engine 5.0.0
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018
-
https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] Siebes commented on issue #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E
[GitHub] [commons-beanutils] garydgregory merged pull request #7: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…-Apache Mail Archives
-
http://www-01.ibm.com/support/docview.wss?uid=swg21674128
IBM Security Bulletin: One vulnerability in IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services and IBM FileNet Legacy Content Search Engine (CVE-2014-0114)
-
http://www.debian.org/security/2014/dsa-2940
Debian -- Security Information -- DSA-2940-1 libstruts1.2-java
-
https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E
[jira] [Work logged] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114-Apache Mail Archives
-
https://access.redhat.com/errata/RHSA-2019:2995
RHSA-2019:2995 - Security Advisory - Red Hat Customer Portal
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676375
IBM Security Bulletin: Classloader Manipulation Vulnerability in Lotus Quickr 8.5 for WebSphere Portal CVE-2014-0114
-
https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E
Re: [beanutils] Towards 1.10-Apache Mail Archives
-
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
[jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.-Apache Mail Archives
-
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
-
https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E
Build failed in Jenkins: commons-beanutils #74-Apache Mail Archives
-
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
[GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities-Apache Mail Archives