-
Notifications
You must be signed in to change notification settings - Fork 47
/
Copy path0094.yaml
55 lines (55 loc) · 4.38 KB
/
0094.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
---
cve: 2014-0094
title: "Apache Struts2: Incomplete fix for ClassLoader manipulation via ParametersInterceptor"
description: >
The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
This CVE is kept for reference. The actual fix is attached to CVE-2014-0112/CVE-2014-0113.
references:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
- http://struts.apache.org/docs/s2-021.html
affected:
- groupId: "org.apache.struts"
artifactId: "struts2-core"
version:
- "<=2.3.16.1,2"
fixedin:
- ">=2.3.16.2,2"
package_urls:
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.15.3/struts2-core-2.3.15.3.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.8/struts2-core-2.3.8.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.1.8.1/struts2-core-2.1.8.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.15.2/struts2-core-2.3.15.2.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.14/struts2-core-2.3.14.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.2.1.1/struts2-core-2.2.1.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.4.1/struts2-core-2.3.4.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.14.1/struts2-core-2.3.14.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.14/struts2-core-2.0.14.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.4/struts2-core-2.3.4.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.1.2/struts2-core-2.1.2.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.7/struts2-core-2.3.7.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.2.3.1/struts2-core-2.2.3.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.11/struts2-core-2.0.11.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.1.8/struts2-core-2.1.8.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.11.1/struts2-core-2.0.11.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.3/struts2-core-2.3.3.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.16.1/struts2-core-2.3.16.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.15/struts2-core-2.3.15.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.1/struts2-core-2.3.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.16/struts2-core-2.3.16.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.1.1/struts2-core-2.3.1.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.14.3/struts2-core-2.3.14.3.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.15.1/struts2-core-2.3.15.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.6/struts2-core-2.0.6.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.2.3/struts2-core-2.2.3.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.1.2/struts2-core-2.3.1.2.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.1.6/struts2-core-2.1.6.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.2.1/struts2-core-2.2.1.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.5/struts2-core-2.0.5.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.8/struts2-core-2.0.8.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.11.2/struts2-core-2.0.11.2.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.12/struts2-core-2.3.12.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.0.12/struts2-core-2.0.12.jar
- http://central.maven.org/maven2/org/apache/struts/struts2-core/2.3.14.2/struts2-core-2.3.14.2.jar