Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability

Bugtraq ID: 67064
Class: Design Error
CVE: CVE-2014-0112
Remote: Yes
Local: No
Published: Apr 24 2014 12:00AM
Updated: May 07 2015 05:38PM
Credit: The vendor reported this issue.
Vulnerable: VMWare vCenter Operations Management Suite 5.8.1
VMWare vCenter Operations Management Suite 5.7.1
skavanagh KeyBox 2.10.02
skavanagh EC2Box 0.11.01
Oracle WebCenter Sites 11.1.1 8.0
Oracle WebCenter Sites 11.1.1.6.1
Oracle MySQL Enterprise Monitor 3.0.10
Oracle MySQL Enterprise Monitor 3.0.9
Oracle MySQL Enterprise Monitor 3.0.8
Oracle MySQL Enterprise Monitor 3.0
Oracle MySQL Enterprise Monitor 2.3.16
Oracle MySQL Enterprise Monitor 2.3.15
Oracle MySQL Enterprise Monitor 2.3.14
Oracle MySQL Enterprise Monitor 2.3.13
Oracle MySQL Enterprise Monitor 3.0.4
Oracle MySQL Enterprise Monitor 2.3
IBM Sterling Web Channel 9.1
IBM Sterling Web Channel 9.0
IBM Sterling Selling and Fulfillment Foundation 9.2.1
IBM Sterling Selling and Fulfillment Foundation 9.2
IBM Sterling Selling and Fulfillment Foundation 9.1
IBM Sterling Selling and Fulfillment Foundation 9.0
IBM Sterling Order Management 8.5
IBM Sterling Field Sales 9.2.1
IBM Sterling Field Sales 9.2.0
IBM Sterling Field Sales 9.1.0
IBM Sterling Field Sales 9.0
IBM Platform Symphony 6.1.1
IBM Platform Symphony 6.1
IBM Platform Symphony 5.2
IBM Platform HPC 4.1.1
IBM Platform HPC 4.1
IBM Platform HPC 3.2
IBM Platform Cluster Manager 4.1.1
IBM Platform Cluster Manager 4.1
IBM Platform Cluster Manager 3.2
IBM Platform Application Center 9.1.2
IBM Platform Application Center 9.1.1
IBM Platform Application Center 9.1
IBM Platform Application Center 8.3
IBM FlashSystem V840 9848-AE1
IBM FlashSystem V840 9848-AC1
IBM FlashSystem V840 9848-AC0
IBM FlashSystem V840 9846-AE1
IBM FlashSystem V840 9846-AC1
IBM FlashSystem V840 9846-AC0
IBM FlashSystem V840 9840-AE1
IBM FlashSystem 840 9848-AE1
IBM FlashSystem 840 9846-AE1
IBM FlashSystem 840 9843-AE1
IBM FlashSystem 840 9840-AE1
IBM FlashSystem 840 0
IBM Connections 3.0 0
IBM Connections 2.0.1 0
IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0
IBM Connections 3.0.1.1
IBM Connections 3.0.1.0
IBM Connections 3.0.1
IBM Connections 3.0
IBM Connections 2.5.0.3
IBM Connections 2.5.0.2
IBM Connections 2.5.0.1
IBM Connections 2.5.0.0
IBM Connections 2.0.1.1
IBM Connections 2.0.0.0
Arubanetworks ClearPass 6.0.2
Arubanetworks ClearPass 6.0.1
Arubanetworks ClearPass 6.3.0
Arubanetworks ClearPass 6.2.0
Arubanetworks ClearPass 6.1.3
Arubanetworks ClearPass 6.1.0
Arubanetworks ClearPass 5.0
Apache Struts 2.3.4 1
Apache Struts 2.3.4
Apache Struts 2.2.3
Apache Struts 2.2
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.1.2
Apache Struts 2.1.1
Apache Struts 2.1
Apache Struts 2.0.14
Apache Struts 2.0.12
Apache Struts 2.0.11
Apache Struts 2.0.10
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.5
Apache Struts 2.0.4
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.1
Apache Struts 2.0
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.4
Apache Struts 2.1.3
Apache Struts 2.0.13
Not Vulnerable: VMWare vCenter Operations Management Suite 5.8.2
VMWare vCenter Operations Management Suite 5.7.3
skavanagh KeyBox 2.10.03
skavanagh EC2Box 0.11.02
Arubanetworks ClearPass 6.3.2
Arubanetworks ClearPass 6.2.6
Arubanetworks ClearPass 6.1.4
Apache Struts 2.3.16.2


 

Privacy Statement
Copyright 2010, SecurityFocus