7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.
On a server where the product in running, a remote attacker may steal information or execute arbitrary code.
**Update the Software **Update to the latest version according to the information provided by the developer.
On 2014 May 23, TERASOLUNA Server Framework for Java(Web) 2.0.5.2, which contains Apache Struts 1.2.9 with SP1 by TERASOLUNA has been released.