Paul Benedict created STR-3220:
----------------------------------
Summary: CVE-2014-0114: Class loader manipulation
Key: STR-3220
URL: https://issues.apache.org/jira/browse/STR-3220
Project: Struts 1
Issue Type: Bug
Components: Core
Affects Versions: 1.3.10, 1.2.9, 1.0.1
Reporter: Paul Benedict
Assignee: Paul Benedict
Priority: Blocker
Fix For: 1.1.2, 1.2.10, 1.3.11

The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote
attackers to "manipulate" the ClassLoader and execute arbitrary code via the
class parameter, which is passed to the getClass method.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

--
This message was sent by Atlassian JIRA
(v6.2#6252)