Although the attack vector is the same as that for CVE-2014-0094, this needs to be considered as a separate flaw [1].
Please use CVE-2014-0114 to refer to this flaw affecting Apache Struts 1.x. [1] http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E -- Arun Neelicattu / Red Hat Security Response Team PGP: 0xC244393B 5229 F596 474F 00A1 E416 CF8B 36F5 5054 C244 393B -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
