Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability

Bugtraq ID: 67121
Class: Design Error
CVE: CVE-2014-0114
Remote: Yes
Local: No
Published: Apr 29 2014 12:00AM
Updated: Jul 22 2014 12:28AM
Credit: Rene Gielen
Vulnerable: RedHat Enterprise Linux Desktop Workstation 5 client
Red Hat Network Satellite Server (for RHEL 6) 5.4
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
IBM WebSphere Service Registry and Repository 7.5
IBM WebSphere Service Registry and Repository 7.0
IBM WebSphere Service Registry and Repository 6.3
IBM WebSphere Sensor Events 7.0
IBM WebSphere Lombardi Edition 7.2
IBM WebSphere Enterprise Service Bus 7
IBM Websphere Application Server 8.0 2
IBM Websphere Application Server 7.0 21
IBM Websphere Application Server 8.0
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 7.0.0.19
IBM Websphere Application Server 7.0.0.17
IBM Websphere Application Server 7.0.0.15
IBM Websphere Application Server 7.0.0.13
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.1.0.45
IBM Websphere Application Server 6.1.0.43
IBM Websphere Application Server 6.1.0.39
IBM Websphere Application Server 6.1.0.37
IBM Websphere Application Server 6.1.0.35
IBM Websphere Application Server 6.1.0.34
IBM Websphere Application Server 6.1.0.33
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.1
IBM WEB Interface for Content Management 1.0.4
IBM Tivoli Storage Productivity Center 4.2.1
IBM Tivoli Integrated Portal 1.1.1 15
IBM Tivoli Integrated Portal 1.1.1 14
IBM Tivoli Identity Manager 5.0
+ IBM Directory Server 6.0 .0
IBM Tivoli Foundations for Application Manager 1.2
IBM Tivoli Composite Application Manager for Websphere 6.1
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2
IBM Rational Application Developer 7.0
IBM InfoSphere Information Server 8.5
IBM InfoSphere Information Server 8.1
IBM InfoSphere Information Server 8.0
IBM Application Manager for Smart Business 1.2.1
CentOS CentOS 5
Apache Software Foundation Struts 1.3.10
Apache Software Foundation Struts 1.3.8
Apache Software Foundation Struts 1.3.5
Apache Software Foundation Struts 1.2.9
Apache Software Foundation Struts 1.2.8
Apache Software Foundation Struts 1.2.7
+ RedHat Application Server AS 3
+ RedHat Application Server ES 3
+ RedHat Application Server WS 3
Apache Software Foundation Struts 1.2.4
+ RedHat Application Server AS 3
+ RedHat Application Server ES 3
+ RedHat Application Server WS 3
Apache Software Foundation Struts 1.1
Apache Software Foundation Struts 1.0.2
Apache Software Foundation Struts 1.2.6
Apache Software Foundation Struts 1.2.2
Not Vulnerable:


 
