Lucene search
GitHub Advisory DatabaseGHSA-HMHQ-382Q-MP56HistoryMay 14, 2022 - 12:54 a.m.
ClassLoader manipulation in Apache Struts
2022-05-1400:54:14
GitHub Advisory Database
github.com
22
apache struts
cookieinterceptor
classloader manipulation
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.969
Percentile
99.7%
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to “manipulate” the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.
Affected configurations
Node
org.apache.strutsstruts2-coreRange<2.3.20
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.struts | struts2-core | * | cpe:2.3:a:org.apache.struts:struts2-core:*:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2014-0116
2014-05-08 00:00:00
CVE-2014-0113
2014-04-29 00:00:00
cvelist
cvelist
CVE-2014-0116
2014-05-08 10:00:00
CVE-2014-0113
2014-04-29 10:00:00
prion
prion
Design/Logic Flaw
2014-05-08 10:55:00
Design/Logic Flaw
2014-04-29 10:37:00
cve
cve
CVE-2014-0116
2014-05-08 10:55:02
CVE-2014-0113
2014-04-29 10:37:03
osv
osv
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:14
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
nvd
nvd
CVE-2014-0116
2014-05-08 10:55:02
CVE-2014-0113
2014-04-29 10:37:03
ibm
ibm
Security Bulletin: IBM Platform Symphony (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
2018-06-18 01:25:07
nessus
nessus
MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities
2015-05-08 00:00:00
Apache Struts 2 CookieInterceptor Unspecified Security Bypass (S2-022)
2014-05-09 00:00:00
MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities
2015-05-08 00:00:00
f5
f5
K15262 : Apache Struts vulnerability CVE-2014-0113
2014-05-15 00:00:00
SOL14933 - Apache Struts vulnerability CVE-2013-2251
2014-01-20 00:00:00
SOL15261 - Apache Struts vulnerability CVE-2014-0112
2014-05-15 00:00:00
openvas
openvas
Apache Struts Security Update (S2-021, S2-022, S2-023, S2-025)
2019-08-28 00:00:00
Apache Struts ClassLoader Manipulation Vulnerabilities (S2-021) - Linux
2019-08-28 00:00:00
github
github
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
veracode
veracode
Class Loader Manipulation With CookieInterceptor
2014-06-06 18:13:23
huawei
huawei
Security Advisory-Apache Struts2 vulnerability on Huawei multiple products
2014-07-07 00:00:00
exploitdb
exploitdb
Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit)
2014-05-02 00:00:00
checkpoint_advisories
checkpoint_advisories
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.969
Percentile
99.7%
Related for GHSA-HMHQ-382Q-MP56