Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-04-30T10:00:00

Updated: 2024-08-06T09:05:38.989Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0114

NVD

Status: Modified

Published: 2014-04-30T10:49:03.973

Modified: 2024-11-21T02:01:23.960

Link: CVE-2014-0114

Red Hat

Severity: Important

Public Date: 2014-04-29T00:00:00Z

Links: CVE-2014-0114 - Bugzilla