CVE-2014-0114

ADVISORY - github

Summary

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

EPSS Score⁠: 0.92315 (0.997)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

ADVISORY - github

CWE-20⁠

Improper Input Validation

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20⁠

Improper Input Validation

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-470⁠

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Impacted images

Advisories

NIST

CREATED

11 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2014-0114⁠

EXPLOITABILITY SCORE

10

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

GitHub

CREATED

5 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-p66x-2cv9-qq3v⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

N/Ahigh

Debian

CREATED

11 years ago

UPDATED

16 days ago

ADVISORY IDCVE-2014-0114⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

11 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2014-0114⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GitLab

CREATED

11 years ago

UPDATED

1 year ago

ADVISORY ID

CVE-2014-0114

EXPLOITABILITY SCORE

10.0

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-20⁠CWE-937⁠

CVSS SCORE

7.5high

Red Hat

CREATED

11 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2014-0114⁠

EXPLOITABILITY SCORE

10.0

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Oracle

CREATED

11 years ago

UPDATED

11 years ago

ADVISORY IDELSA-2014-0474⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

intheWild

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2014-0114⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY