CVE-2014-0094

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://jvn.jp/en/jp/JVN19294237/index.html	Third Party Advisory VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html	Third Party Advisory VDB Entry
http://secunia.com/advisories/56440	Vendor Advisory
http://secunia.com/advisories/59178	Permissions Required
http://struts.apache.org/release/2.3.x/docs/s2-020.html	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676706	Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm	Third Party Advisory
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Third Party Advisory
http://www.securityfocus.com/archive/1/531362/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/532549/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/65999	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029876	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2014-0007.html	Third Party Advisory
http://jvn.jp/en/jp/JVN19294237/index.html	Third Party Advisory VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html	Third Party Advisory VDB Entry
http://secunia.com/advisories/56440	Vendor Advisory
http://secunia.com/advisories/59178	Permissions Required
http://struts.apache.org/release/2.3.x/docs/s2-020.html	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676706	Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm	Third Party Advisory
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Third Party Advisory
http://www.securityfocus.com/archive/1/531362/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/532549/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/65999	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029876	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2014-0007.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:01

Information

Published : 2014-03-11 13:00

Updated : 2025-04-12 10:46

NVD link : CVE-2014-0094

Mitre link : CVE-2014-0094

CVE.ORG link : CVE-2014-0094

JSON object : View

Products Affected

apache

struts

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-0094", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-11T13:00:37.107", "references": [{"url": "http://jvn.jp/en/jp/JVN19294237/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/56440", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/59178", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/531362/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/65999", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1029876", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://jvn.jp/en/jp/JVN19294237/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/56440", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/59178", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/531362/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/65999", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1029876", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method."}, {"lang": "es", "value": "ParametersInterceptor en Apache Struts versiones anteriores a 2.3.16.2, permite a atacantes remotos \"manipulate\" el ClassLoader por medio del par\u00e1metro class, que se pasa al m\u00e9todo getClass."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96319FC9-4E50-4B46-B2B1-16248275B717", "versionEndExcluding": "2.3.16.1", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10