RedHat Update For Struts RHSA-2014:0474-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114) All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.

Affected

struts on Red Hat Enterprise Linux (v. 5 server)

References

https://www.redhat.com/archives/rhsa-announce/2014-May/msg00005.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0114
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:1102
RedHat Security Advisory RHSA-2009:0431
RedHat Security Advisory RHSA-2009:0955
RedHat Security Advisory RHSA-2009:0369
RedHat Security Advisory RHSA-2009:0445

RedHat Update for struts RHSA-2014:0474-01

Take action and discover your vulnerabilities