IV61058: APACHE STRUTS 1.X ZERO DAY VULNERABILITY CVE-2014-0114
Closed as program error.
Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability.
Code mitigation has been released in 7.1.0 Maintenance Release 2 Patch 6 IF01
Code mitigation has been released and will be included in all future versions.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
Translate this page: