CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.927

EPSS Ranking 99.7%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2014-0114

Apache » Commons Beanutils » Version: 1.0

cpe:2.3:a:apache:commons_beanutils:1.0
Apache » Commons Beanutils » Version: 1.1

cpe:2.3:a:apache:commons_beanutils:1.1
Apache » Commons Beanutils » Version: 1.2

cpe:2.3:a:apache:commons_beanutils:1.2
Apache » Commons Beanutils » Version: 1.3

cpe:2.3:a:apache:commons_beanutils:1.3
Apache » Commons Beanutils » Version: 1.4

cpe:2.3:a:apache:commons_beanutils:1.4
Apache » Commons Beanutils » Version: 1.4.1

cpe:2.3:a:apache:commons_beanutils:1.4.1
Apache » Commons Beanutils » Version: 1.5

cpe:2.3:a:apache:commons_beanutils:1.5
Apache » Commons Beanutils » Version: 1.6

cpe:2.3:a:apache:commons_beanutils:1.6
Apache » Commons Beanutils » Version: 1.6.1

cpe:2.3:a:apache:commons_beanutils:1.6.1
Apache » Commons Beanutils » Version: 1.7.0

cpe:2.3:a:apache:commons_beanutils:1.7.0
Apache » Commons Beanutils » Version: 1.8.0

cpe:2.3:a:apache:commons_beanutils:1.8.0
Apache » Commons Beanutils » Version: 1.8.1

cpe:2.3:a:apache:commons_beanutils:1.8.1
Apache » Commons Beanutils » Version: 1.8.2

cpe:2.3:a:apache:commons_beanutils:1.8.2
Apache » Commons Beanutils » Version: 1.8.3

cpe:2.3:a:apache:commons_beanutils:1.8.3
Apache » Commons Beanutils » Version: 1.9.0

cpe:2.3:a:apache:commons_beanutils:1.9.0
Apache » Commons Beanutils » Version: 1.9.1

cpe:2.3:a:apache:commons_beanutils:1.9.1
Apache » Struts » Version: 1.0

cpe:2.3:a:apache:struts:1.0
Apache » Struts » Version: 1.0.2

cpe:2.3:a:apache:struts:1.0.2
Apache » Struts » Version: 1.1

cpe:2.3:a:apache:struts:1.1
Apache » Struts » Version: 1.2.2

cpe:2.3:a:apache:struts:1.2.2
Apache » Struts » Version: 1.2.4

cpe:2.3:a:apache:struts:1.2.4
Apache » Struts » Version: 1.2.6

cpe:2.3:a:apache:struts:1.2.6
Apache » Struts » Version: 1.2.7

cpe:2.3:a:apache:struts:1.2.7
Apache » Struts » Version: 1.2.8

cpe:2.3:a:apache:struts:1.2.8
Apache » Struts » Version: 1.2.9

cpe:2.3:a:apache:struts:1.2.9
Apache » Struts » Version: 1.3.10

cpe:2.3:a:apache:struts:1.3.10
Apache » Struts » Version: 1.3.5

cpe:2.3:a:apache:struts:1.3.5
Apache » Struts » Version: 1.3.8

cpe:2.3:a:apache:struts:1.3.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0114

Products

Pricing

Contact Us