CVE-2014-0114

Published: Apr 30, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114

mailing-list

x_refsource_MLIST

57477

third-party-advisory

x_refsource_SECUNIA

http://www.vmware.com/security/advisories/VMSA-2014-0008.html

x_refsource_CONFIRM

https://issues.apache.org/jira/browse/BEANUTILS-463

x_refsource_CONFIRM

58710

third-party-advisory

x_refsource_SECUNIA

MDVSA-2014:095

vendor-advisory

x_refsource_MANDRIVA

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

x_refsource_CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

x_refsource_CONFIRM

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21675689

x_refsource_CONFIRM

FEDORA-2014-9380

vendor-advisory

x_refsource_FEDORA

http://www-01.ibm.com/support/docview.wss?uid=swg21674812

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20140911-0001/

x_refsource_CONFIRM

59464

third-party-advisory

x_refsource_SECUNIA

59118

third-party-advisory

x_refsource_SECUNIA

https://security.netapp.com/advisory/ntap-20180629-0006/

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21675387

x_refsource_CONFIRM

https://access.redhat.com/solutions/869353

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1091938

x_refsource_CONFIRM

http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt

x_refsource_CONFIRM

http://advisories.mageia.org/MGASA-2014-0219.html

x_refsource_CONFIRM

60703

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21675972

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676375

x_refsource_CONFIRM

[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE

mailing-list

x_refsource_MLIST

RHSA-2018:2669

vendor-advisory

x_refsource_REDHAT

GLSA-201607-09

vendor-advisory

x_refsource_GENTOO

HPSBST03160

vendor-advisory

x_refsource_HP

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_BUGTRAQ

http://www-01.ibm.com/support/docview.wss?uid=swg21675898

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676110

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg27042296

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676303

x_refsource_CONFIRM

59228

third-party-advisory

x_refsource_SECUNIA

59246

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1116665

x_refsource_CONFIRM

[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE

mailing-list

x_refsource_MLIST

59245

third-party-advisory

x_refsource_SECUNIA

HPSBMU03090

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=swg21674128

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676931

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

x_refsource_CONFIRM

60177

third-party-advisory

x_refsource_SECUNIA

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_FULLDISC

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg21675496

x_refsource_CONFIRM

DSA-2940

vendor-advisory

x_refsource_DEBIAN

http://www-01.ibm.com/support/docview.wss?uid=swg21675266

x_refsource_CONFIRM

59014

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21677110

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

x_refsource_CONFIRM

67121

vdb-entry

x_refsource_BID

59480

third-party-advisory

x_refsource_SECUNIA

HPSBGN03041

vendor-advisory

x_refsource_HP

59479

third-party-advisory

x_refsource_SECUNIA

59704

third-party-advisory

x_refsource_SECUNIA

58947

third-party-advisory

x_refsource_SECUNIA

59718

third-party-advisory

x_refsource_SECUNIA

59430

third-party-advisory

x_refsource_SECUNIA

58851

third-party-advisory

x_refsource_SECUNIA

[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

mailing-list

x_refsource_MLIST

[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities

mailing-list

x_refsource_MLIST

[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities

mailing-list

x_refsource_MLIST

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

x_refsource_MISC

[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull Request

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull Request

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)

mailing-list

x_refsource_MLIST

[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #74

mailing-list

x_refsource_MLIST

[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.

mailing-list

x_refsource_MLIST

[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75

mailing-list

x_refsource_MLIST

[commons-dev] 20190605 Re: [beanutils] Towards 1.10

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

x_refsource_MISC

https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

[commons-dev] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.

mailing-list

x_refsource_MLIST

[commons-user] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.

mailing-list

x_refsource_MLIST

[announce] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.

mailing-list

x_refsource_MLIST

[commons-issues] 20190818 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

[activemq-gitbox] 20190903 [GitHub] [activemq-artemis] jeloba opened a new pull request #2820: Updated Apache BeanUtils to address CVE

mailing-list

x_refsource_MLIST

[activemq-issues] 20190904 [jira] [Created] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114

mailing-list

x_refsource_MLIST

[commons-commits] 20190906 [commons-configuration] branch master updated: [CONFIGURATION-755][CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.

mailing-list

x_refsource_MLIST

[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.

mailing-list

x_refsource_MLIST

[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.

mailing-list

x_refsource_MLIST

[activemq-issues] 20190909 [jira] [Work logged] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E

x_refsource_MISC

RHSA-2019:2995

vendor-advisory

x_refsource_REDHAT

[commons-issues] 20191014 [jira] [Updated] (BEANUTILS-520) Mitigate CVE-2014-0114

mailing-list

x_refsource_MLIST

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities

mailing-list

x_refsource_MLIST

[activemq-issues] 20200109 [jira] [Resolved] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114

mailing-list

x_refsource_MLIST

[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1

mailing-list

x_refsource_MLIST

[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1

mailing-list

x_refsource_MLIST

[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-0114

Description

Affected Products

References