ID

VAR-201404-0286


CVE

CVE-2014-0112


TITLE

Apache Struts2 ClassLoader allows access to class properties via request parameters

Trust: 0.8

sources: CERT/CC: VU#719225

DESCRIPTION

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

Summary: A minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description: This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* jackson-databind: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
* struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)
* jetty: HTTP request smuggling (CVE-2017-7657)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/

4. Bugs fixed (https://bugzilla.redhat.com/):

1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
1595620 - CVE-2017-7657 jetty: HTTP request smuggling

5. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0007
Synopsis: VMware product updates address security vulnerabilities in Apache Struts library
Issue date: 2014-06-24
Updated on: 2014-06-24 (Initial Advisory)
CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112
- ------------------------------------------------------------------------

1. Summary

VMware product updates address security vulnerabilities in Apache Struts library

2. Relevant releases

VMware vCenter Operations Management Suite prior to 5.8.2

3. Problem Description

a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues.

CVE-2014-0112 may lead to remote code execution. This issue was found to be only partially addressed in CVE-2014-0094.

CVE-2014-0050 may lead to a denial of service condition.

vCenter Operations Management Suite (vCOps) is affected by both CVE-2014-0112 and CVE-2014-0050.
Exploitation of CVE-2014-0112 may lead to remote code execution without authentication.

vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not by CVE-2014-0112.

Workaround

A workaround for CVE-2014-0112 is documented in VMware Knowledge Base article 2081470.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware          Product   Running   Replace with/
Product         Version   on        Apply Patch
=============   =======   =======   =================
vCOPS           5.8.x     any       vCOPS 5.8.2
vCOPS           5.7.x     any       patch pending *
vCO             5.5       any       patch pending
vCO             5.1       any       patch pending
vCO             4.2       any       patch pending

*Customers are advised to apply the workaround or update to vCOps 5.8.2.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

vCenter Operations Management Suite 5.8.2
-----------------------------------------
Downloads and Documentation:
https://www.vmware.com/go/download-vcops

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://kb.vmware.com/kb/2081470

- ------------------------------------------------------------------------

6. Change log

2014-06-24 VMSA-2014-0007
Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.

- ------------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

Twitter
https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15337)
Charset: utf-8

wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM
CZ5+DYZAydCjMwVgtKqoo7Y=
=Vwu5
-----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2014-0112 // CERT/CC: VU#719225 // JVNDB: JVNDB-2014-000045 // BID: 67064 // VULMON: CVE-2014-0112 // PACKETSTORM: 152687 // PACKETSTORM: 127215

AFFECTED PRODUCTS

vendor:apachemodel:strutsscope:gteversion:2.0.0

Trust: 1.0

vendor:apachemodel:strutsscope:ltversion:2.3.16.2

Trust: 1.0

vendor:apache strutsmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:strutsscope:eqversion:2.0.0 to 2.3.16.1

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 for x86(32bit)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 for x86_64(64bit)

Trust: 0.8

vendor:fujitsumodel:cloud infrastructure management softwarescope: - version: -

Trust: 0.8

vendor:fujitsumodel:integrated system ha database readyscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstagescope:eqversion:business analytics modeling server

Trust: 0.8

vendor:fujitsumodel:interstagescope:eqversion:business process manager analytics

Trust: 0.8

vendor:fujitsumodel:interstagescope:eqversion:extreme transaction processing server

Trust: 0.8

vendor:fujitsumodel:interstagescope:eqversion:mobile manager

Trust: 0.8

vendor:fujitsumodel:interstage application development cycle managerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application framework suitescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage apworksscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage business application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage interaction managerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage service integratorscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:serverviewscope:eqversion:resource orchestrator

Trust: 0.8

vendor:fujitsumodel:symfowarescope:eqversion:analytics server

Trust: 0.8

vendor:fujitsumodel:symfowarescope:eqversion:server

Trust: 0.8

vendor:fujitsumodel:systemwalker service catalog managerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker service quality coordinatorscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker software configuration managerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:triolescope:eqversion:cloudmiddleset b set

Trust: 0.8

vendor:apachemodel:strutsscope:eqversion:2.3.8

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.7

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.14.1

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.14

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.4.1

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.14.3

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.16.1

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.15

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.4

Trust: 0.6

vendor:apachemodel:strutsscope:eqversion:2.3.14.2

Trust: 0.6

vendor:apachemodel:software foundation strutsscope:eqversion:2.2.3

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.2

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1.8

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1.6

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1.5

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1.2

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1.1

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.14

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.12

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.11

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.10

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.9

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.8

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.7

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.6

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.5

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.4

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.3

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.2

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.1

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.3.1.2

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.3.1.1

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.2.3.1

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1.4

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.1.3

Trust: 0.3

vendor:apachemodel:software foundation strutsscope:eqversion:2.0.13

Trust: 0.3

sources: CERT/CC: VU#719225 // BID: 67064 // JVNDB: JVNDB-2014-000045 // CNNVD: CNNVD-201404-445 // NVD: CVE-2014-0112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0112
value: HIGH

Trust: 1.0

NVD: CVE-2014-0094
value: HIGH

Trust: 0.8

IPA: JVNDB-2014-000045
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201404-445
value: HIGH

Trust: 0.6

VULMON: CVE-2014-0112
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0112
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2014-0094
severity: HIGH
baseScore: 7.5
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-000045
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: CERT/CC: VU#719225 // VULMON: CVE-2014-0112 // JVNDB: JVNDB-2014-000045 // CNNVD: CNNVD-201404-445 // NVD: CVE-2014-0112

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2014-000045 // NVD: CVE-2014-0112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-445

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201404-445

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-000045

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#719225 // VULMON: CVE-2014-0112

PATCH

title:Announcements - 2013 24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigationurl:http://struts.apache.org/announce.html#a20140424

Trust: 0.8

title:Security Bulletins S2-020url:http://struts.apache.org/release/2.3.x/docs/s2-020.html

Trust: 0.8

title:Security Bulletins S2-021url:http://struts.apache.org/release/2.3.x/docs/s2-021.html

Trust: 0.8

title:Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2url:http://struts.apache.org/download.cgi#struts23162

Trust: 0.8

title:struts-1.2.9-4jpp.8.AXS3 url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3678&sType=&sProduct=&published=1

Trust: 0.8

title:Interstage Application Development Cycle Manager(ADM): Apache Struts vulnerable (CVE-2014-0094)url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html

Trust: 0.8

title:CVE-2014-0094, CVE-2014-0114: Apache Struts vulnerable to ClassLoader manipulationurl:http://www.fujitsu.com/global/support/products/software/security/products-f/cve2014-0094-0114e.html

Trust: 0.8

title:Interstage Business Process Manager Analytics, Systemwalker Service Quality Coordinator: Vulnerability of allowing attackers to "manipulate" the ClassLoader (CVE-2014-0094). May 20th, 2014url:http://www.fujitsu.com/global/support/products/software/security/products-f/interstage-bpma201401e.html

Trust: 0.8

title:Symfoware Server (Open Interface) : Security vulnerabilities of Struts (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html

Trust: 0.8

title:Interstage Interaction Manager: Struts1 vulnerability (CVE-2014-0094)url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_im_201401.html

Trust: 0.8

title:Interstage Mobile Manager: Struts1 vulnerability (CVE-2014-0094)url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_mm_201401.html

Trust: 0.8

title:FUJITSU Integrated System HA Database Ready: Struts2 vulnerabilities (CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116)url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html

Trust: 0.8

title:1680848url:http://www-01.ibm.com/support/docview.wss?uid=swg21680848

Trust: 0.8

title:1681190url:http://www-01.ibm.com/support/docview.wss?uid=swg21681190

Trust: 0.8

title:2081470url:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2081470

Trust: 0.8

title:NV15-001url:http://jpn.nec.com/security-info/secinfo/nv15-001.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - April 2015url:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - April 2015 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html

Trust: 0.8

title:Bug 1091939url:https://bugzilla.redhat.com/show_bug.cgi?id=1091939

Trust: 0.8

title:Huawei-SA-20140707-01-Struts2url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

Trust: 0.8

title:April 2015 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/april_2015_critical_patch_update

Trust: 0.8

title:Alert/Advisory: Multiple Vulnerabilities in Apache Struts on Trend Micro Productsurl:http://esupport.trendmicro.com/solution/ja-JP/1103321.aspx

Trust: 0.8

title:VMSA-2014-0007url:http://www.vmware.com/security/advisories/VMSA-2014-0007.html

Trust: 0.8

title:Red Hat: Important: Red Hat Fuse 7.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190910 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2014-0112url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-0112

Trust: 0.1

title:VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts libraryurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=3f8f92a767d3e2773247be2d5077cbee

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585

Trust: 0.1

title:strutt-cve-2014-0114url:https://github.com/anob3it/strutt-cve-2014-0114

Trust: 0.1

title:-maven-security-versionsurl:https://github.com/nagauker/-maven-security-versions

Trust: 0.1

title:maven-security-versions-Travisurl:https://github.com/klee94/maven-security-versions-Travis

Trust: 0.1

title:maven-security-versionsurl:https://github.com/victims/maven-security-versions

Trust: 0.1

title:victimsurl:https://github.com/tmpgit3000/victims

Trust: 0.1

title:victimsurl:https://github.com/alexsh88/victims

Trust: 0.1

title:Threatposturl:https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/

Trust: 0.1

sources: VULMON: CVE-2014-0112 // JVNDB: JVNDB-2014-000045

EXTERNAL IDS

db:NVDid:CVE-2014-0112

Trust: 3.0

db:JVNid:JVN19294237

Trust: 2.5

db:JVNDBid:JVNDB-2014-000045

Trust: 2.5

db:BIDid:67064

Trust: 2.0

db:PACKETSTORMid:127215

Trust: 1.8

db:SECUNIAid:59500

Trust: 1.7

db:SECUNIAid:59178

Trust: 1.7

db:CERT/CCid:VU#719225

Trust: 1.6

db:PACKETSTORMid:152687

Trust: 0.7

db:AUSCERTid:ESB-2019.1493

Trust: 0.6

db:CNNVDid:CNNVD-201404-445

Trust: 0.6

db:EXPLOITDBid:33142

Trust: 0.1

db:VULMONid:CVE-2014-0112

Trust: 0.1

sources: CERT/CC: VU#719225 // VULMON: CVE-2014-0112 // BID: 67064 // JVNDB: JVNDB-2014-000045 // PACKETSTORM: 152687 // PACKETSTORM: 127215 // CNNVD: CNNVD-201404-445 // NVD: CVE-2014-0112

REFERENCES

url:http://jvn.jp/en/jp/jvn19294237/index.html

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:0910

Trust: 2.5

url:http://www.securityfocus.com/bid/67064

Trust: 2.4

url:http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html

Trust: 2.3

url:http://www.vmware.com/security/advisories/vmsa-2014-0007.html

Trust: 2.3

url:http://jvndb.jvn.jp/jvndb/jvndb-2014-000045

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1091939

Trust: 1.7

url:https://cwiki.apache.org/confluence/display/ww/s2-021

Trust: 1.7

url:http://secunia.com/advisories/59500

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21676706

Trust: 1.7

url:http://secunia.com/advisories/59178

Trust: 1.7

url:http://www.securityfocus.com/archive/1/532549/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/531952/100/0/threaded

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112

Trust: 0.9

url:http://struts.apache.org/announce.html#a20140424

Trust: 0.8

url:http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-underground-creates-tool-exploiting-apache-struts-vulnerability/

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0112

Trust: 0.8

url:http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/719225

Trust: 0.8

url:https://packetstormsecurity.com/files/152687/red-hat-security-advisory-2019-0910-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80006

Trust: 0.6

url:http://struts.apache.org/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-0112

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0112

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/

Trust: 0.1

url:https://www.exploit-db.com/exploits/33142/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38390

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7657

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/html-single/release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7525

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7525

Trust: 0.1

url:https://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7657

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.3.0

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050

Trust: 0.1

url:https://twitter.com/vmwaresrc

Trust: 0.1

url:https://www.vmware.com/support/policies/lifecycle.html

Trust: 0.1

url:http://kb.vmware.com/kb/2081470

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:https://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://www.vmware.com/security/advisories

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0094

Trust: 0.1

url:https://www.vmware.com/go/download-vcops

Trust: 0.1

sources: CERT/CC: VU#719225 // VULMON: CVE-2014-0112 // BID: 67064 // JVNDB: JVNDB-2014-000045 // PACKETSTORM: 152687 // PACKETSTORM: 127215 // CNNVD: CNNVD-201404-445 // NVD: CVE-2014-0112

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 152687 // CNNVD: CNNVD-201404-445

SOURCES

db:CERT/CCid:VU#719225
db:VULMONid:CVE-2014-0112
db:BIDid:67064
db:JVNDBid:JVNDB-2014-000045
db:PACKETSTORMid:152687
db:PACKETSTORMid:127215
db:CNNVDid:CNNVD-201404-445
db:NVDid:CVE-2014-0112

LAST UPDATE DATE

2024-09-09T22:44:52.432000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#719225date:2014-07-24T00:00:00
db:VULMONid:CVE-2014-0112date:2019-08-12T00:00:00
db:BIDid:67064date:2015-04-16T18:14:00
db:JVNDBid:JVNDB-2014-000045date:2015-05-08T00:00:00
db:CNNVDid:CNNVD-201404-445date:2019-08-14T00:00:00
db:NVDid:CVE-2014-0112date:2019-08-12T21:15:12.360

SOURCES RELEASE DATE

db:CERT/CCid:VU#719225date:2014-04-25T00:00:00
db:VULMONid:CVE-2014-0112date:2014-04-29T00:00:00
db:BIDid:67064date:2014-04-24T00:00:00
db:JVNDBid:JVNDB-2014-000045date:2014-04-25T00:00:00
db:PACKETSTORMid:152687date:2019-04-30T16:20:15
db:PACKETSTORMid:127215date:2014-06-25T21:34:12
db:CNNVDid:CNNVD-201404-445date:2014-04-24T00:00:00
db:NVDid:CVE-2014-0112date:2014-04-29T10:37:03.670