Lucene search
Ubuntu.comUB:CVE-2014-0113HistoryApr 29, 2014 - 12:00 a.m.
CVE-2014-0113
2014-04-2900:00:00
ubuntu.com
ubuntu.com
20
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.97
Percentile
99.8%
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard
cookiesName value is used, does not properly restrict access to the
getClass method, which allows remote attackers to “manipulate” the
ClassLoader and execute arbitrary code via a crafted request. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2014-0094.
Related
prion
prion
Design/Logic Flaw
2014-04-29 10:37:00
Security feature bypass
2014-03-11 13:00:00
Design/Logic Flaw
2014-05-08 10:55:00
github
github
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:14
osv
osv
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:15
ClassLoader manipulation in Apache Struts
2022-05-14 00:54:14
veracode
veracode
Class Loader Manipulation With CookieInterceptor
2014-06-06 18:13:23
cvelist
cvelist
cve
cve
nvd
nvd
exploitdb
exploitdb
ibm
ibm
Security Bulletin: IBM Sterling Order Management, IBM Sterling Configure, Price, Quote and Sterling Web Channel are affected by Apache Struts 2 security vulnerabilities
2020-02-11 21:39:06
f5
f5
SOL14933 - Apache Struts vulnerability CVE-2013-2251
2014-01-20 00:00:00
SOL15262 - Apache Struts vulnerability CVE-2014-0113
2014-05-15 00:00:00
SOL15260 - Apache Struts vulnerability CVE-2014-0094
2014-05-15 00:00:00
checkpoint_advisories
checkpoint_advisories
nessus
nessus
MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities
2015-05-08 00:00:00
Apache Struts 2 'class' Parameter ClassLoader Manipulation
2014-03-26 00:00:00
MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities
2015-05-08 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website
2016-12-19 23:00:16
ubuntucve
ubuntucve
cert
cert
seebug
seebug
Apache Struts ClassLoader操作漏洞
2014-03-10 00:00:00
Struts2 远程命令执行
2014-05-04 00:00:00
Apache Struts ClassLoader Manipulation Remote Code Execution
2014-07-01 00:00:00
openvas
openvas
Apache Struts Security Update (S2-020) - Active Check
2014-05-14 00:00:00
Apache Struts 2.x < 2.3.16.1 Multiple Vulnerabilities (S2-020) - Linux
2019-08-28 00:00:00
Apache Struts ClassLoader Manipulation Vulnerabilities (S2-021) - Linux
2019-08-28 00:00:00
jvn
jvn
JVN#19294237: Apache Struts vulnerable to ClassLoader manipulation
2014-04-25 00:00:00
zdt
zdt
packetstorm
packetstorm
Apache Struts ClassLoader Manipulation Remote Code Execution
2014-05-02 00:00:00
securityvulns
securityvulns
Apache Struts multiple security vulnerabilities
2014-05-07 00:00:00
threatpost
threatpost
VMware Patches Apache Struts Flaws in vCOPS
2014-06-25 13:59:49
metasploit
metasploit
Apache Struts ClassLoader Manipulation Remote Code Execution
2014-04-29 15:36:04
vmware
vmware
huawei
huawei
Security Advisory-Apache Struts2 vulnerability on Huawei multiple products
2014-07-07 00:00:00
rapid7blog
rapid7blog
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
2022-03-30 22:33:54
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.97
Percentile
99.8%
Related for UB:CVE-2014-0113