Apache Struts ClassLoader Manipulation Security Bypass Vulnerability
Publish Date: 21 July 2015
Severity: Medium
CVE Identifiers: CVE-2014-0094, CVE-2014-0112, CVE-2014-0114
Advisory Date: 24 April 2014
Description
The ParametersInterceptor in Apache Struts allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Trend Micro Solutions
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1006015
Trend Micro Deep Security DPI Rule Name: 1006015 - Restrict Apache Struts 'class.classLoader' Request
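The rule named above restricts requests that carry a 'class.classLoader' parameter. The Python example below is added here for illustration and is neither Trend Micro's rule logic nor code from the advisory: it flags such parameter names in query strings and form bodies. The sample requests, the function names, and the choice to treat bracket notation and an upper-case "Class" like the dotted form are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample requests: (method, URL, form body). Not real traffic.
SAMPLE_REQUESTS = [
    ("GET", "/app/login.action?username=alice&lang=en", ""),
    ("GET", "/app/login.action?class.classLoader.example=1", ""),
    ("POST", "/app/save.action", "title=x&class%2EclassLoader%2Eexample=1"),
    ("GET", "/app/list.action?Class%5B%27classLoader%27%5D=1", ""),
    ("GET", "/app/search.action?q=first+class+seats&classroom=12", ""),
]

# One property segment of a parameter name (identifier characters only).
_SEGMENT = re.compile(r"[A-Za-z_$][\w$]*")

def property_path(name):
    """Split a decoded name into lower-cased segments; "a.b" and "a['b']" match."""
    return [seg.lower() for seg in _SEGMENT.findall(name)]

def is_classloader_param(name):
    """True if the name walks from a 'class' property to 'classLoader'."""
    path = property_path(name)
    return any(a == "class" and b == "classloader"
               for a, b in zip(path, path[1:]))

def suspicious_params(method, url, body=""):
    """Return the decoded parameter names in one request that should be blocked."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if method.upper() == "POST":
        pairs += parse_qsl(body, keep_blank_values=True)
    return [name for name, _ in pairs if is_classloader_param(name)]

def scan(requests):
    """Return (method, url, flagged_names) for every request with a hit."""
    findings = []
    for method, url, body in requests:
        hits = suspicious_params(method, url, body)
        if hits:
            findings.append((method, url, hits))
    return findings

if __name__ == "__main__":
    for method, url, hits in scan(SAMPLE_REQUESTS):
        print(f"BLOCK {method} {url} -> {hits}")
```

Only parameter names are inspected, so a value such as "first class seats" or a field called "classroom" is not flagged.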
Affected Software and Version:
- apache struts 2.0.0
- apache struts 2.0.1
- apache struts 2.0.10
- apache struts 2.0.11
- apache struts 2.0.11.1
- apache struts 2.0.11.2
- apache struts 2.0.12
- apache struts 2.0.13
- apache struts 2.0.14
- apache struts 2.0.2
- apache struts 2.0.3
- apache struts 2.0.4
- apache struts 2.0.5
- apache struts 2.0.6
- apache struts 2.0.7
- apache struts 2.0.8
- apache struts 2.0.9
- apache struts 2.1.0
- apache struts 2.1.1
- apache struts 2.1.2
- apache struts 2.1.3
- apache struts 2.1.4
- apache struts 2.1.5
- apache struts 2.1.6
- apache struts 2.1.8
- apache struts 2.1.8.1
- apache struts 2.2.1
- apache struts 2.2.1.1
- apache struts 2.2.3
- apache struts 2.2.3.1
- apache struts 2.3.1
- apache struts 2.3.1.1
- apache struts 2.3.1.2
- apache struts 2.3.12
- apache struts 2.3.14
- apache struts 2.3.14.1
- apache struts 2.3.14.2
- apache struts 2.3.14.3
- apache struts 2.3.15
- apache struts 2.3.15.1
- apache struts 2.3.15.2
- apache struts 2.3.15.3
- apache struts 2.3.16
- apache struts 2.3.3
- apache struts 2.3.4
- apache struts 2.3.4.1
- apache struts 2.3.7
- apache struts 2.3.8