IBM Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to ClassLoader manipulation vulnerability in Open Source Apache Struts version 1 (CVE-2014-0114)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. IBM Information Server and constituent products are impacted. CVE(s): CVE-2014-0114 Affected product(s) and affected version(s): IBM InfoSphere Information Server
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_ibm_infosphere_information_server_components_are_vulnerable_due_to_classloader_manipulation_vulnerability_in_open_source_apache_struts_version_1_cve_2014_0114?lang=e |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-0114 ,CVE-2014-0963 ,CVE-2014-0935 ,CVE-2014-0907 and CVE-2013-6747. |