CVE-2014-0112

N/A Unknown
Published: April 29, 2014 Modified: May 06, 2026

Description

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

References to Advisories, Solutions, and Tools

http://jvn.jp/en/jp/JVN19294237/index.html
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://secunia.com/advisories/59178
Source: secalert@redhat.com
Permissions Required
http://secunia.com/advisories/59500
Source: secalert@redhat.com
Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg21676706
Source: secalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/archive/1/531952/100/0/threaded
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/532549/100/0/threaded
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/67064
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2014-0007.html
Source: secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0910
Source: secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1091939
Source: secalert@redhat.com
Issue Tracking
https://cwiki.apache.org/confluence/display/WW/S2-021
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

28 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 91.4% (100th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

apache