CVE-2014-0114

Published: Apr 30, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Affected (18)

Products: Apache: Commons Beanutils, Struts

Apache

2 products

Commons Beanutils

Struts

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Commons Beanutils	Up to 1.9.1

Configuration B

17 vulnerable

Vulnerable Software	Affected Versions
Apache Struts	Version 1.0.2
Apache Struts	Version 1.0
Apache Struts	Version 1.1
Apache Struts	Version 1.1 b1
Apache Struts	Version 1.1 b2
Apache Struts	Version 1.1 b3
Apache Struts	Version 1.1 rc1
Apache Struts	Version 1.1 rc2
Apache Struts	Version 1.2.2
Apache Struts	Version 1.2.4
Apache Struts	Version 1.2.6
Apache Struts	Version 1.2.7
Apache Struts	Version 1.2.8
Apache Struts	Version 1.2.9
Apache Struts	Version 1.3.10
Apache Struts	Version 1.3.5
Apache Struts	Version 1.3.8

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (238)

http://advisories.mageia.org/MGASA-2014-0219.html

Source: secalert@redhat.com

http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html

Source: secalert@redhat.com

http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=140119284401582&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=140801096002766&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=141451023707502&w=2

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2014/06/15/10

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2014/07/08/1

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2014/Dec/23

Source: secalert@redhat.com

http://secunia.com/advisories/57477

Source: secalert@redhat.com

http://secunia.com/advisories/58710

Source: secalert@redhat.com

http://secunia.com/advisories/58851

Source: secalert@redhat.com

http://secunia.com/advisories/58947

Source: secalert@redhat.com

http://secunia.com/advisories/59014

Source: secalert@redhat.com

http://secunia.com/advisories/59118

Source: secalert@redhat.com

http://secunia.com/advisories/59228

Source: secalert@redhat.com

http://secunia.com/advisories/59245

Source: secalert@redhat.com

http://secunia.com/advisories/59246

Source: secalert@redhat.com

http://secunia.com/advisories/59430

Source: secalert@redhat.com

http://secunia.com/advisories/59464

Source: secalert@redhat.com

http://secunia.com/advisories/59479

Source: secalert@redhat.com

http://secunia.com/advisories/59480

Source: secalert@redhat.com

http://secunia.com/advisories/59704

Source: secalert@redhat.com

http://secunia.com/advisories/59718

Source: secalert@redhat.com

http://secunia.com/advisories/60177

Source: secalert@redhat.com

http://secunia.com/advisories/60703

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21674128

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21674812

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675266

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675387

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675689

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675898

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675972

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21676110

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21676303

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21676375

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21676931

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21677110

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg27042296

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-2940

Source: secalert@redhat.com

http://www.ibm.com/support/docview.wss?uid=swg21675496

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2014:095

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/67121

Source: secalert@redhat.com

http://www.vmware.com/security/advisories/VMSA-2014-0008.html

Source: secalert@redhat.com

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2018:2669

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2019:2995

Source: secalert@redhat.com

https://access.redhat.com/solutions/869353

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1091938

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1116665

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

Source: secalert@redhat.com

https://issues.apache.org/jira/browse/BEANUTILS-463

Source: secalert@redhat.com

https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201607-09

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20140911-0001/

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20180629-0006/

Source: secalert@redhat.com

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: secalert@redhat.com

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Source: secalert@redhat.com

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2014-0219.html