{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-0114", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource" : "FULLDISC", "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name" : "[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE", "refsource" : "MLIST", "url" : "http://openwall.com/lists/oss-security/2014/06/15/10" }, { "name" : "[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE", "refsource" : "MLIST", "url" : "http://openwall.com/lists/oss-security/2014/07/08/1" }, { "name" : "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114", "refsource" : "MLIST", "url" : "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html" }, { "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091938", "refsource" : "CONFIRM", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091938" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676375", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676375" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676931", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676931" }, { "name" : "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt", "refsource" : "CONFIRM", "url" : "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt" }, { "name" : "https://access.redhat.com/solutions/869353", "refsource" : "CONFIRM", "url" : "https://access.redhat.com/solutions/869353" }, { "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116665", "refsource" : "CONFIRM", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116665" }, { "name" : "https://issues.apache.org/jira/browse/BEANUTILS-463", "refsource" : "CONFIRM", "url" : "https://issues.apache.org/jira/browse/BEANUTILS-463" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676303", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676303" }, { "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource" : "CONFIRM", "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", "refsource" : "CONFIRM", "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" }, { "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", "refsource" : "CONFIRM", "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "name" : "http://advisories.mageia.org/MGASA-2014-0219.html", "refsource" : "CONFIRM", "url" : "http://advisories.mageia.org/MGASA-2014-0219.html" }, { "name" : "http://www.ibm.com/support/docview.wss?uid=swg21675496", "refsource" : "CONFIRM", "url" : "http://www.ibm.com/support/docview.wss?uid=swg21675496" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674128", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674128" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674812", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674812" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675266", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675266" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675387", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675387" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675689", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675689" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675898", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675898" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676110", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676110" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27042296", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27042296" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675972", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675972" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677110", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677110" }, { "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name" : "https://security.netapp.com/advisory/ntap-20140911-0001/", "refsource" : "CONFIRM", "url" : "https://security.netapp.com/advisory/ntap-20140911-0001/" }, { "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name" : "https://security.netapp.com/advisory/ntap-20180629-0006/", "refsource" : "CONFIRM", "url" : "https://security.netapp.com/advisory/ntap-20180629-0006/" }, { "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource" : "CONFIRM", "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name" : "DSA-2940", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2014/dsa-2940" }, { "name" : "FEDORA-2014-9380", "refsource" : "FEDORA", "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html" }, { "name" : "GLSA-201607-09", "refsource" : "GENTOO", "url" : "https://security.gentoo.org/glsa/201607-09" }, { "name" : "HPSBST03160", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=141451023707502&w=2" }, { "name" : "HPSBGN03041", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=140119284401582&w=2" }, { "name" : "HPSBMU03090", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=140801096002766&w=2" }, { "name" : "MDVSA-2014:095", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095" }, { "name" : "RHSA-2018:2669", "refsource" : "REDHAT", "url" : "https://access.redhat.com/errata/RHSA-2018:2669" }, { "name" : "67121", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/67121" }, { "name" : "58851", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/58851" }, { "name" : "59014", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59014" }, { "name" : "59704", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59704" }, { "name" : "60177", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/60177" }, { "name" : "60703", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/60703" }, { "name" : "57477", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/57477" }, { "name" : "59245", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59245" }, { "name" : "58947", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/58947" }, { "name" : "59118", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59118" }, { "name" : "59228", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59228" }, { "name" : "59246", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59246" }, { "name" : "59430", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59430" }, { "name" : "59464", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59464" }, { "name" : "59479", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59479" }, { "name" : "59480", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59480" }, { "name" : "58710", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/58710" }, { "name" : "59718", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/59718" } ] } }