IBM Support

IV61061: APACHE STRUTS 1.X ZERO DAY VULNERABILITY CVE-2014-0114

APAR status

  • Closed as program error.

Error description

  • Apache Struts 1.X could allow a remote attacker to execute
    arbitrary code on the system, caused by the failure to restrict
    the setting of Class Loader attributes. An attacker could
    exploit this vulnerability using the class parameter of an
    ActionForm object to manipulate the ClassLoader and execute
    arbitrary code on the system. There is partial impact to
    confidentiality, integrity, and availability.
    

Local fix

Problem summary

  • Code mitigation is in place for 7.0 Maintenance Release 5 Patch
    8 IF01
    

Problem conclusion

  • Code mitigation was used to correct this vulnerability and the
    fix will be included in all future releases.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV61061

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-06-02

  • Closed date

    2014-06-03

  • Last modified date

    2014-06-03

  • APAR is sysrouted FROM one or more of the following:

    IV61039

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

  • R700 PSY

       UP



Document information

More support for: IBM QRadar SIEM

Software version: 700

Reference #: IV61061

Modified date: 03 June 2014

