BDU:2015-00402

BDU

HighConfirmedExploit available

Уязвимость реализации метода getClass программной платформы Apache Struts связана с недостатками разграничения доступа при использовании кл…

CVSS

7.1

High

EPSS

0.00

Published

2015-01-01

Updated

2015-01-01

Description

Уязвимость реализации метода getClass программной платформы Apache Struts связана с недостатками разграничения доступа при использовании класса ParametersInterceptor с параметром class. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путем отправки специально созданного запроса

Tags · CWE

Pre-auth

Affected products

Apache software foundation StrutsBroadcom inc. Vmware aria automation orchestratorBroadcom inc. Vmware aria operationsBroadcom inc. Vmware aria operationsIbm corp. Ibm sterling field salesIbm corp. Ibm sterling field salesIbm corp. Ibm sterling field salesIbm corp. Ibm sterling field salesIbm corp. Ibm sterling field salesIbm corp. Ibm sterling order managementIbm corp. Ibm sterling selling and fulfillment foundationIbm corp. Ibm sterling selling and fulfillment foundationIbm corp. Ibm sterling selling and fulfillment foundationIbm corp. Ibm sterling selling and fulfillment foundationIbm corp. Ibm sterling selling and fulfillment foundationIbm corp. Ibm sterling web channelIbm corp. Ibm sterling web channelOracle corp. Mysql enterprise monitorOracle corp. Mysql enterprise monitorOracle corp. Webcenter sites

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Timeline

2015-01-01

Published

2015-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: C

Changed (C)

Confidentiality Impact

C: L

Low (L)

Integrity Impact

I: L

Low (L)

Availability Impact

A: L

Low (L)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

33142

exploitdb · https://www.exploit-db.com/exploits/33142

Enterprise

41690

exploitdb · https://www.exploit-db.com/exploits/41690

Enterprise

Affected products

Red Hat

Red Hat Jboss Fuse

Oracle

Mysql Enterprise Monitor Webcenter Sites

IBM

Ibm Sterling Order Management Ibm Sterling Field Sales Ibm Sterling Selling And Fulfillment Foundation Ibm Sterling Web Channel

Apache

Struts

Broadcom

Vmware Aria Operations Vmware Aria Automation Orchestrator

Product	Vendor	Status
struts	apache software foundation	Tracked
vmware aria automation orchestrator	broadcom inc.	Tracked
vmware aria operations	broadcom inc.	Tracked
vmware aria operations	broadcom inc.	Tracked
ibm sterling field sales	ibm corp.	Tracked
ibm sterling field sales	ibm corp.	Tracked
ibm sterling field sales	ibm corp.	Tracked
ibm sterling field sales	ibm corp.	Tracked
ibm sterling field sales	ibm corp.	Tracked
ibm sterling order management	ibm corp.	Tracked
ibm sterling selling and fulfillment foundation	ibm corp.	Tracked
ibm sterling selling and fulfillment foundation	ibm corp.	Tracked
ibm sterling selling and fulfillment foundation	ibm corp.	Tracked
ibm sterling selling and fulfillment foundation	ibm corp.	Tracked
ibm sterling selling and fulfillment foundation	ibm corp.	Tracked
ibm sterling web channel	ibm corp.	Tracked
ibm sterling web channel	ibm corp.	Tracked
mysql enterprise monitor	oracle corp.	Tracked
mysql enterprise monitor	oracle corp.	Tracked
webcenter sites	oracle corp.	Tracked

Showing first 20 of 22

Source databases

BDU

Related vulnerabilities

CVE-2014-0112

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112@@https://access.redhat.com/security/cve/cve-2014-0112@http://www-01.ibm.com/support/docview.wss?uid=swg21676706@https://www.vmware.com/security/advisories/VMSA-2014-0007.html@https://www.oracle.com/security-alerts/cpuapr2015.html@http://jvn.jp/en/jp/JVN19294237/index.html@http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045@http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html@https://nvd.nist.gov/vuln/detail/CVE-2014-0112