CVE-2014-0094
CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 5
githubgithub.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1★ 1githubgithub.com/y0d3n/CVE-2014-0094★ 1cve_referencepacketstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/33142não verificadoexploitdbwww.exploit-db.com/exploits/41690não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045http://jvn.jp/en/jp/JVN19294237/index.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://secunia.com/advisories/56440http://secunia.com/advisories/59178http://struts.apache.org/release/2.3.x/docs/s2-020.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-newhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.securityfocus.com/archive/1/531362/100/0/threadedhttp://www.securityfocus.com/archive/1/532549/100/0/threaded