CVE-2014-0114: Input Validation
First published: Mon Apr 28 2014(Updated: )
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/struts | <0:1.2.9-4jpp.8.el5_10 | 0:1.2.9-4jpp.8.el5_10 |
| redhat/struts | <0:1.3.10-6.ep5.el6 | 0:1.3.10-6.ep5.el6 |
| Apache Commons BeanUtils | <=1.9.1 | |
| Apache Struts | =1.0 | |
| Apache Struts | =1.0.2 | |
| Apache Struts | =1.1 | |
| Apache Struts | =1.1-b1 | |
| Apache Struts | =1.1-b2 | |
| Apache Struts | =1.1-b3 | |
| Apache Struts | =1.1-rc1 | |
| Apache Struts | =1.1-rc2 | |
| Apache Struts | =1.2.2 | |
| Apache Struts | =1.2.4 | |
| Apache Struts | =1.2.6 | |
| Apache Struts | =1.2.7 | |
| Apache Struts | =1.2.8 | |
| Apache Struts | =1.2.9 | |
| Apache Struts | =1.3.5 | |
| Apache Struts | =1.3.8 | |
| Apache Struts | =1.3.10 | |
| maven/commons-beanutils:commons-beanutils | >=1.8.0<1.9.4 | 1.9.4 |
Remedy
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.VCaGk3V53Ua
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2014-0114 https://nvd.nist.gov/vuln/detail/CVE-2014-0114
- https://bugzilla.redhat.com/show_bug.cgi?id=1091938
- https://access.redhat.com/errata/RHSA-2014:0498
- https://access.redhat.com/errata/RHSA-2019:2995
- https://access.redhat.com/errata/RHSA-2014:0474
- https://access.redhat.com/errata/RHSA-2014:0497
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2014:0511
- https://access.redhat.com/errata/RHSA-2014:0500
- https://access.redhat.com/security/cve/CVE-2014-0114
- http://advisories.mageia.org/MGASA-2014-0219.html
- http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html
- http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html
- http://marc.info/?l=bugtraq&m=140119284401582&w=2
- http://marc.info/?l=bugtraq&m=140801096002766&w=2
- http://marc.info/?l=bugtraq&m=141451023707502&w=2
- http://openwall.com/lists/oss-security/2014/06/15/10
- http://openwall.com/lists/oss-security/2014/07/08/1
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/57477
- http://secunia.com/advisories/58710
- http://secunia.com/advisories/58851
- http://secunia.com/advisories/58947
- http://secunia.com/advisories/59014
- http://secunia.com/advisories/59118
- http://secunia.com/advisories/59228
- http://secunia.com/advisories/59245
- http://secunia.com/advisories/59246
- http://secunia.com/advisories/59430
- http://secunia.com/advisories/59464
- http://secunia.com/advisories/59479
- http://secunia.com/advisories/59480
- http://secunia.com/advisories/59704
- http://secunia.com/advisories/59718
- http://secunia.com/advisories/60177
- http://secunia.com/advisories/60703
- http://www-01.ibm.com/support/docview.wss?uid=swg21674128
- http://www-01.ibm.com/support/docview.wss?uid=swg21674812
- http://www-01.ibm.com/support/docview.wss?uid=swg21675266
- http://www-01.ibm.com/support/docview.wss?uid=swg21675387
- http://www-01.ibm.com/support/docview.wss?uid=swg21675689
- http://www-01.ibm.com/support/docview.wss?uid=swg21675898
- http://www-01.ibm.com/support/docview.wss?uid=swg21675972
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676110
- http://www-01.ibm.com/support/docview.wss?uid=swg21676303
- http://www-01.ibm.com/support/docview.wss?uid=swg21676375
- http://www-01.ibm.com/support/docview.wss?uid=swg21676931
- http://www-01.ibm.com/support/docview.wss?uid=swg21677110
- http://www-01.ibm.com/support/docview.wss?uid=swg27042296
- http://www.debian.org/security/2014/dsa-2940
- http://www.ibm.com/support/docview.wss?uid=swg21675496
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:095
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/67121
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/solutions/869353
- https://bugzilla.redhat.com/show_bug.cgi?id=1116665
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- https://issues.apache.org/jira/browse/BEANUTILS-463
- https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E
- https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E
- https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E
- https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E
- https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E
- https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E
- https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E
- https://security.gentoo.org/glsa/201607-09
- https://security.netapp.com/advisory/ntap-20140911-0001/
- https://security.netapp.com/advisory/ntap-20180629-0006/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.lac.co.jp/security/alert/2014/04/24_alert_01.html
- http://www.nca.gr.jp/2014/struts_s20/index.html
- http://qiita.com/kawasima/items/670d2591bc8fea19dc1d
- http://mail-archives.apache.org/mod_mbox/struts-user/201405.mbox/%3C53629980.8060805%40apache.org%3E
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1092452
- https://access.redhat.com/site/solutions/869353
- https://rhn.redhat.com/errata/RHSA-2014-0474.html
- https://rhn.redhat.com/errata/RHSA-2014-0498.html
- https://rhn.redhat.com/errata/RHSA-2014-0497.html
- https://rhn.redhat.com/errata/RHSA-2014-0500.html
- https://rhn.redhat.com/errata/RHSA-2014-0511.html
- https://github.com/apache/struts1/pull/1
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.VCaGk3V53Ua
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1091938#c37
- http://svn.apache.org/viewvc?view=revision&revision=1603883
- https://commons.apache.org/proper/commons-beanutils/changes-report.html#a1.9.2
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=4e410e068b8d367c53766a7da712b1b6f3fd8101
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=2412c90ba5584fed123fa6a33e752e6c8eaf74e9
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=f3bdbbcfb853d81941f3cec84e5108779ab8d269
- https://commons.apache.org/proper/commons-beanutils/changes-report.html#a1.9.4
- https://issues.apache.org/jira/browse/BEANUTILS-520
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=62e82ad92cf4818709d6044aaf257b73d42659a4
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=3f7f276dd720b7b95ed59387d9ac4561b2acc20b
- https://access.redhat.com/security/cve/CVE-2019-10086
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1767483
- https://nvd.nist.gov/vuln/detail/CVE-2014-0114
- https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3Cuser.commons.apache.org%3E
- https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E
- https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3Cgitbox.activemq.apache.org%3E
- https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3Cnotifications.commons.apache.org%3E
- https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3Cnotifications.commons.apache.org%3E
- https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3Cissues.activemq.apache.org%3E
- https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-30077
- https://web.archive.org/web/20140618110851/http://www.securityfocus.com/bid/67121
- https://web.archive.org/web/20150710065242/http://www.securityfocus.com/archive/1/534161/100/0/threaded
- https://github.com/apache/commons-beanutils/pull/7
- https://github.com/apache/commons-beanutils/commit/62e82ad92cf4818709d6044aaf257b73d42659a4
- https://security.netapp.com/advisory/ntap-20180629-0006
- https://security.netapp.com/advisory/ntap-20140911-0001
- https://github.com/advisories/GHSA-p66x-2cv9-qq3v (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2014-0114?
CVE-2014-0114 is classified as a moderate severity vulnerability.
How do I fix CVE-2014-0114?
To mitigate CVE-2014-0114, update Apache Commons BeanUtils to version 1.9.4 or later.
What software is affected by CVE-2014-0114?
CVE-2014-0114 affects Apache Struts versions up to 1.3.10 and Apache Commons BeanUtils versions up to 1.9.1.
Can CVE-2014-0114 lead to remote code execution?
Yes, CVE-2014-0114 allows remote attackers to manipulate the ClassLoader, which can lead to remote code execution.
Is there a patch available for CVE-2014-0114?
Yes, patches are available in updated versions of Apache Commons BeanUtils and Apache Struts.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0114
- agent/severity
- agent/weakness
- agent/remedy
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-p66x-2cv9-qq3v
- agent/software-canonical-lookup
- agent/references
- agent/description
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat
- vendor/apache
- canonical/apache commons beanutils
- version/apache commons beanutils/1.9.1
- canonical/apache struts
- version/apache struts/1.0
- version/apache struts/1.0.2
- version/apache struts/1.1
- version/apache struts/1.1-b1
- version/apache struts/1.1-b2
- version/apache struts/1.1-b3
- version/apache struts/1.1-rc1
- version/apache struts/1.1-rc2
- version/apache struts/1.2.2
- version/apache struts/1.2.4
- version/apache struts/1.2.6
- version/apache struts/1.2.7
- version/apache struts/1.2.8
- version/apache struts/1.2.9
- version/apache struts/1.3.5
- version/apache struts/1.3.8
- version/apache struts/1.3.10
- package-manager/maven