REDHAT-BUG-1091938
First published: Mon Apr 28 2014(Updated: )
It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. The root cause of this issue is the fact that commons-beanutils exposes the class property by default, with no mechanism to disable access to it. If a framework built on commons-beanutils does not otherwise suppress access to the class property, then a remote attacker could use this flaw to manipulate the ClassLoader used by the underlying container. This could lead to remote code execution under certain conditions. commons-beanutils 1.9.2 has now shipped, including a specialized BeanIntrospector implementation that allows suppressing properties. Frameworks built on commons-beantutils can make use of the new pre-configured SuppressPropertiesBeanIntrospector to address this flaw.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Struts | ||
| Apache commons-beanutils | <1.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.lac.co.jp/security/alert/2014/04/24_alert_01.html
- http://www.nca.gr.jp/2014/struts_s20/index.html
- http://qiita.com/kawasima/items/670d2591bc8fea19dc1d
- http://mail-archives.apache.org/mod_mbox/struts-user/201405.mbox/%3C53629980.8060805%40apache.org%3E
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1092452
- https://access.redhat.com/site/solutions/869353
- https://rhn.redhat.com/errata/RHSA-2014-0474.html
- https://rhn.redhat.com/errata/RHSA-2014-0498.html
- https://rhn.redhat.com/errata/RHSA-2014-0497.html
- https://rhn.redhat.com/errata/RHSA-2014-0500.html
- https://rhn.redhat.com/errata/RHSA-2014-0511.html
- https://github.com/apache/struts1/pull/1
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.VCaGk3V53Ua
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2019:2995
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1091938#c37
- http://svn.apache.org/viewvc?view=revision&revision=1603883
- https://commons.apache.org/proper/commons-beanutils/changes-report.html#a1.9.2
- https://issues.apache.org/jira/browse/BEANUTILS-463
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=4e410e068b8d367c53766a7da712b1b6f3fd8101
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=2412c90ba5584fed123fa6a33e752e6c8eaf74e9
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=f3bdbbcfb853d81941f3cec84e5108779ab8d269
- https://access.redhat.com/security/cve/CVE-2014-0114
- https://commons.apache.org/proper/commons-beanutils/changes-report.html#a1.9.4
- https://issues.apache.org/jira/browse/BEANUTILS-520
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=62e82ad92cf4818709d6044aaf257b73d42659a4
- https://gitbox.apache.org/repos/asf?p=commons-beanutils.git;a=commitdiff;h=3f7f276dd720b7b95ed59387d9ac4561b2acc20b
- https://access.redhat.com/security/cve/CVE-2019-10086
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1767483
- https://bugzilla.redhat.com/show_bug.cgi?id=1091938
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0114
- agent/source
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache struts
- canonical/apache commons-beanutils