What is the severity of RHSA-2014:0498?

The severity of RHSA-2014:0498 is classified as important.

How do I fix RHSA-2014:0498?

To fix RHSA-2014:0498, you should update to the latest version of Fuse ESB Enterprise that includes the security patch.

What vulnerability does RHSA-2014:0498 address?

RHSA-2014:0498 addresses a vulnerability in the Struts 1 ActionForm object that allows unauthorized access to the 'class' parameter.

Can RHSA-2014:0498 lead to remote code execution?

Yes, a remote attacker could exploit RHSA-2014:0498 to manipulate the class loading mechanism, potentially leading to remote code execution.

Is RHSA-2014:0498 applicable to all versions of Fuse ESB Enterprise?

RHSA-2014:0498 specifically affects versions prior to the patched release that addresses the vulnerability.

Vulnerability/
RHSA-2014:0498

14/5/2014

RHSA-2014:0498: Important: Fuse ESB Enterprise 7.1.0 security update

First published: Wed May 14 2014(Updated: )

Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114) Refer to the readme.txt file included with the patch files for installation instructions. All users of Fuse ESB Enterprise 7.1.0 as provided from the Red Hat Customer Portal are advised to apply this security update.

Affected Software	Affected Version	How to fix

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2014:0498?
The severity of RHSA-2014:0498 is classified as important.
How do I fix RHSA-2014:0498?
To fix RHSA-2014:0498, you should update to the latest version of Fuse ESB Enterprise that includes the security patch.
What vulnerability does RHSA-2014:0498 address?
RHSA-2014:0498 addresses a vulnerability in the Struts 1 ActionForm object that allows unauthorized access to the 'class' parameter.
Can RHSA-2014:0498 lead to remote code execution?
Yes, a remote attacker could exploit RHSA-2014:0498 to manipulate the class loading mechanism, potentially leading to remote code execution.
Is RHSA-2014:0498 applicable to all versions of Fuse ESB Enterprise?
RHSA-2014:0498 specifically affects versions prior to the patched release that addresses the vulnerability.

collector/redhat-errata
anchor-id/RHSA-2014:0498
agent/references
agent/severity
agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
agent/title
agent/remedy
agent/tags
agent/softwarecombine
agent/description
agent/guess-ai
agent/software-canonical-lookup

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.