Apache Struts 1.3.8
OSS관리자1
게시글 작성 시각 2019-12-12 10:26:53
컴포넌트 명 : Apache Struts
버전 정보 | 취약점 ID | 취약점 최종 보고일 | 심각도 |
---|---|---|---|
1.3.8 | CVE-2014-0114 | 2019/01/16 | 7.5 (High) |
취약점 ID : CVE-2014-0114
취약점 설명 | Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. |
---|---|
대응 방안 | 2 버전으로 업데이트 |
기타 | - |
번호 | 컴포넌트 명 및 버전 | 취약점ID | 심각도 |
취약점 최종 보고일 |
대응방안 |
---|---|---|---|---|---|
97 | Bouncy Castle 1.52 | CVE-2018-1000613 | 7.5 (High) | 2019/04/24 | |
96 | Apache Xerces2 J 2.8.0 | CVE-2012-0881 | 7.8 (High) | 2019/10/18 | |
95 | Apache Xerces2 J 2.9.1 | CVE-2012-0881 | 7.8 (High) | 2019/10/18 | |
94 | Apache Struts 1.3.8 | CVE-2014-0114 | 7.5 (High) | 2019/01/16 | |
93 | Apache Groovy 2.0.5 | CVE-2016-6814 | 7.5 (High) | 2019/01/17 | |
92 | Apache Groovy 2.0.7 | CVE-2016-6814 | 7.5 (High) | 2019/01/17 | |
91 | Apache Groovy 2.3.10 | CVE-2016-6814 | 7.5 (High) | 2019/01/17 | |
90 | Apache Commons Collections 2.1 | CVE-2015-6420 | 7.5 (High) | 2018/10/02 | |
89 | Spring Batch Test 2.1.9.RELEASE | CVE-2019-3774 | 7.5 (High) | 2019/10/10 | |
88 | Infrastructure 2.1.9.RELEASE | CVE-2019-3774 | 7.5 (High) | 2019/10/10 |
0개 댓글