
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for struts RHSA-2014:0474-01
Summary: The remote host is missing an update for the 'struts' package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the
'class' parameter, which is directly mapped to the getClass() method. A
remote attacker could use this flaw to manipulate the ClassLoader used by
an application server running Struts 1. This could lead to remote code
execution under certain conditions. (CVE-2014-0114)

All struts users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using struts must be restarted for this update to take effect.

Affected Software/OS:
struts on Red Hat Enterprise Linux (v. 5 server)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0114
BugTraq ID: 67121
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Debian Security Information: DSA-2940
HP Security Advisory: HPSBGN03041
HP Security Advisory: HPSBMU03090
HP Security Advisory: HPSBST03160
RedHat Security Advisories: RHSA-2018:2669
RedHat Security Advisories: RHSA-2019:2995

Copyright: Copyright (C) 2014 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.