var-201405-0502
Vulnerability from variot
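CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. In other words, the fix for CVE-2014-0113 was insufficient: through a crafted request, a third party may "manipulate" the ClassLoader and change the session state. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.2 are vulnerable. Note that the sources aggregated in this entry state the affected range differently ("2.x before 2.3.20" versus "2.0.0 through 2.3.16.2"); confirm the fixed release against the vendor advisory S2-022 listed in the patch references below. Because the issue applies only when a wildcard cookiesName value is used, reviewing the CookieInterceptor configuration for wildcard cookiesName settings is a useful exposure check alongside upgrading.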
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0502", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": 
"2.3.8" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.3" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.2" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.16.2" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.9" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.10" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.0" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": 
"eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.5" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.8.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.12" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.6" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.7" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.13" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.12" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.5" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": 
"2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.6" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.16" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.14" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1.2" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v9.1" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "security risk management v1.0.0 to v2.1.3" }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.3.16.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v5.1 to v5.2" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.5" }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, 
"vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "2.x" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager lite v2.0" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.10 and earlier" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.3 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v6.1 to v6.5" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "esmpro/servermanager", "scope": "lte", "trust": 0.8, "vendor": "nec", "version": "ver5.75 and earlier" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v5.1 to v5.2" }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.0" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.16 and earlier" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager st ard v2.0" }, { "model": "webotx", "scope": 
"eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v6.1 to v6.5" }, { "model": "connections", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "3.0.1.1 and earlier" }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager enterprise v7.1" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "5.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v5.1 to v5.2" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v8.2 to v8.4 (with developers studio only )\"" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v5.1 to v5.2" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v9.1 to v9.2 (with developers studio only )\"" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": 
"apache", "version": "2.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation struts", "scope": "eq", 
"trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" } ], "sources": [ { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:ibm:connections", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:mysql", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:esmpro_servermanager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" } ] 
}, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zubair Ashraf of IBM X-Force", "sources": [ { "db": "BID", "id": "67218" } ], "trust": 0.3 }, "cve": "CVE-2014-0116", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-0116", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0116", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0116", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201405-150", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0116", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation \" And the session state may change. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.2 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "BID", "id": "67218" }, { "db": "VULMON", "id": "CVE-2014-0116" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0116", "trust": 2.8 }, { "db": "BID", "id": "67218", "trust": 2.0 }, { "db": "SECUNIA", "id": "59816", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2014-002411", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201405-150", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-0116", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "id": "VAR-201405-0502", "iot": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T21:45:09.999000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "NV15-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Bug 1094558", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558" }, { "title": "Huawei-SA-20140707-01-Struts2", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "S2-022", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: 
Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "Red Hat: CVE-2014-0116", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0116" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-Travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/67218" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59816" }, { "trust": 1.7, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0116" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0116" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34163" }, { "trust": 0.1, "url": "https://github.com/victims/maven-security-versions" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-08T00:00:00", "db": "VULMON", "id": "CVE-2014-0116" }, { "date": "2014-05-06T00:00:00", "db": "BID", "id": "67218" }, { "date": "2014-05-09T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2014-002411" }, { "date": "2014-05-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-150" }, { "date": "2014-05-08T10:55:02.967000", "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0116" }, { "date": "2015-04-16T18:14:00", "db": "BID", "id": "67218" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-150" }, { "date": "2024-11-21T02:01:24.537000", "db": "NVD", "id": "CVE-2014-0116" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-150" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-150" } ], "trust": 0.6 } }