Computer Security
[EN] securityvulns.ru no-pyccku


Apache commons-beanutils code exeuction
Published:17.06.2014
Source:
SecurityVulns ID:13845
Type:library
Threat Level:
5/10
Description:ActionForm class parameter unrestricted access.
CVE:CVE-2014-0114 (The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.)
Original documentdocumentDavid Jorm, [oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE (17.06.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod