CVE-2014-0114 Information

Description

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

