Home > Vulnerability Database > CVE-2014-0114

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2014-0114

Good to know:

Date: April 30, 2014

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Language: Java

Severity Score

4.3

Related Resources (123)

Url: https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E

Url: http://openwall.com/lists/oss-security/2014/06/15/10

Url: http://marc.info/?l=bugtraq&m=140801096002766&w=2

Url: http://secunia.com/advisories/60703

Url: http://seclists.org/fulldisclosure/2014/Dec/23

Url: https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21675898

Url: http://secunia.com/advisories/59430

Url: http://secunia.com/advisories/59718

Url: https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Url: https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E

Url: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Url: https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E

Url: https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Url: https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E

Url: https://access.redhat.com/errata/RHSA-2019:2995

Url: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Url: https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

Url: https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E

Url: http://openwall.com/lists/oss-security/2014/07/08/1

Url: http://www.vmware.com/security/advisories/VMSA-2014-0008.html

Url: https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E

Url: https://security.gentoo.org/glsa/201607-09

Url: http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt

Url: https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E

Url: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Url: https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E

Url: http://www.securityfocus.com/bid/67121

Url: https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21674812

Url: http://secunia.com/advisories/59464

Url: https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E

Url: http://www-01.ibm.com/support/docview.wss?uid=swg27042296

Url: https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E

Url: http://secunia.com/advisories/59228

Url: https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

Url: https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E

Url: http://advisories.mageia.org/MGASA-2014-0219.html

Url: https://security-tracker.debian.org/tracker/CVE-2014-0114

Url: http://marc.info/?l=bugtraq&m=140119284401582&w=2

Url: http://secunia.com/advisories/60177

Url: https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E

Url: http://secunia.com/advisories/59479

Url: https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21676303

Url: https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21674128

Url: http://secunia.com/advisories/58947

Url: https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E

Url: http://secunia.com/advisories/59118

Url: https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E

Url: http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1116665

Url: https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E

Url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21675972

Url: http://secunia.com/advisories/59480

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21677110

Url: https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E

Url: http://secunia.com/advisories/58710

Url: http://secunia.com/advisories/59246

Url: https://issues.apache.org/jira/browse/BEANUTILS-463

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21676931

Url: http://secunia.com/advisories/59245

Url: http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21675689

Url: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Url: https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

Url: https://security.netapp.com/advisory/ntap-20180629-0006/

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-0114

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21676091

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2014:095

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21676375

Url: http://www.debian.org/security/2014/dsa-2940

Url: http://secunia.com/advisories/57477

Url: https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E

Url: https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E

Url: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Url: http://secunia.com/advisories/59014

Url: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Url: https://access.redhat.com/solutions/869353

Url: http://www.securityfocus.com/archive/1/534161/100/0/threaded

Url: https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Url: http://www.ibm.com/support/docview.wss?uid=swg21675496

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0114

Url: https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E

Url: https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

Url: https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Url: http://secunia.com/advisories/58851

Url: https://access.redhat.com/errata/RHSA-2018:2669

Url: https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E

Url: https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E

Url: https://security.netapp.com/advisory/ntap-20140911-0001/

Url: http://marc.info/?l=bugtraq&m=141451023707502&w=2

Url: http://secunia.com/advisories/59704

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1091938

Url: https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E

Url: https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21675387

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21675266

Url: https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21676110

Url: https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2014-0114

Severity Score

4.3

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5

CVSS v3

Base Score:	4.3
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE

CVSS v2

Base Score:	8.1
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Do you need more information?

Contact Us