IV61039: APACHE STRUTS 1.X ZERO DAY VULNERABILITY CVE-2014-0114
Closed as program error.
Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability.
Code mitigation is in place in 7.2.2 Patch 2 IF01.
Code mitigation was used to correct this vulnerability, and the fix will be included in all future releases.
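One way to restrict the parameter names described above, shown as an added example. It is not IBM's fix, whose details this APAR does not give, and it is not Struts code. The check is meant to run over every request parameter name before Struts populates the ActionForm; the class name `ClassParameterGuard`, the method name and the sample parameter names are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;

public class ClassParameterGuard {

    /**
     * Returns true when a request parameter name contains "class" as a
     * property segment (class.x, form.class.x, form['class'], class[0]).
     * Struts 1 copies parameters onto ActionForm properties by name, so such
     * a name resolves through getClass() towards the ClassLoader.
     * The match is case-insensitive as a conservative choice.
     */
    static boolean addressesClassProperty(String paramName) {
        // Split on the nested (.), indexed ([]) and mapped (()) delimiters.
        for (String segment : paramName.split("[.\\[\\]()]")) {
            String name = segment.replaceAll("['\"]", "").trim();
            if (name.equalsIgnoreCase("class")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed parameter names; in a deployment the names would come
        // from ServletRequest.getParameterNames() inside a servlet Filter,
        // and a match would end the request with an HTTP 400.
        List<String> names = Arrays.asList(
            "username",
            "classification",
            "address.className",
            "class.classLoader.someProperty",
            "Class.classLoader.someProperty",
            "form['class'].someProperty");
        for (String n : names) {
            System.out.printf("%-34s %s%n", n,
                addressesClassProperty(n) ? "REJECT" : "allow");
        }
    }
}
```

Matching on whole property segments rather than on the substring "class" keeps ordinary fields such as `classification` or `address.className` working.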
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels