We have detected a vulnerability on all the DevTest 10.7 app servers with the vulnerability ID 'CVE-2014-0114'.
Could you please help provide a fix for this vulnerability? The details provided for this vulnerability are as below:
CVE Description: Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Details:ITAG Struts Tanium:PRODUCT_HOME:/opt/disk1/Lisa/Env1/Devtest10.7/lib/shared/struts-1.2.9.jar;PRODUCT_TYPE:Struts Framework;
10.7.2
The struts-1.2.9.jar file was added as part of a framework inclusion in the product, but that jar is not used in the product.
To resolve the reported vulnerability, remove the file /opt/disk1/Lisa/Env1/Devtest10.7/lib/shared/struts-1.2.9.jar and restart DevTest services.
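To confirm the removal before the next scan, the following added example (not part of the original article or of DevTest) lists the jars under an install directory that fall in the ranges named in the CVE description. It assumes detection by file name only; the function names and the demo directory tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: report jars a CVE-2014-0114 scan would flag by file name.
# Matching on file names is an assumption; a renamed or repackaged jar is not detected.

# version_le A B: succeeds when dotted numeric version A <= B
version_le() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# flagged_jars DIR: print Struts 1.x jars and commons-beanutils jars <= 1.9.2
flagged_jars() {
    find "$1" -type f \( -name 'struts-1.*.jar' -o -name 'struts-core-1.*.jar' \
        -o -name 'commons-beanutils-*.jar' \) 2>/dev/null | sort |
    while IFS= read -r jar; do
        base=${jar##*/}
        case "$base" in
            struts-*) printf '%s\n' "$jar" ;;   # any Struts 1.x file name counts as a hit
            *)
                ver=${base%.jar}; ver=${ver##*-}
                case "$ver" in ''|*[!0-9.]*) continue ;; esac   # skip unparseable versions
                if version_le "$ver" "1.9.2"; then printf '%s\n' "$jar"; fi ;;
        esac
    done
}

# demo: constructed directory tree (not a real DevTest install), before and after removal
demo() {
    home=$(mktemp -d)
    mkdir -p "$home/lib/shared" "$home/lib/core"
    touch "$home/lib/shared/struts-1.2.9.jar" \
          "$home/lib/core/commons-beanutils-1.9.4.jar"
    echo "before removal:"; flagged_jars "$home"
    rm -f "$home/lib/shared/struts-1.2.9.jar"      # the article's remediation step
    echo "after removal:";  flagged_jars "$home"
    rm -rf "$home"
}

# With a directory argument, scan it; without one, run the constructed demo.
if [ -n "${1:-}" ]; then flagged_jars "$1"; else demo; fi
```

The script only reports; the removal described above applies to struts-1.2.9.jar, and an empty result for the install directory means no matching file names remain.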