CVE-2014-0114 in DevTest

Article ID: 279768

Updated On: 02-26-2024

Products

Service Virtualization

Issue/Introduction

We have detected a vulnerability on all the DevTest 10.7 app servers, identified as 'CVE-2014-0114'.

Could you please help provide a fix for this vulnerability? The details provided for it are below:

CVE Description: Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Details: ITAG Struts Tanium:PRODUCT_HOME:/opt/disk1/Lisa/Env1/Devtest10.7/lib/shared/struts-1.2.9.jar;PRODUCT_TYPE:Struts Framework;

Environment

10.7.2

Cause

The struts-1.2.9.jar file was added to the product as part of a framework inclusion, but the product does not use that jar.

Resolution

To resolve the reported vulnerability, remove the file /opt/disk1/Lisa/Env1/Devtest10.7/lib/shared/struts-1.2.9.jar and restart the DevTest services.
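
To confirm the removal on each app server before the scanner runs again, the following added example (not part of the original article and not vendor tooling) lists jars whose file names match the components named in the CVE description. The function names are hypothetical, the match is by file name only, and it assumes GNU sort for version comparison. It also reports commons-beanutils jars at or below 1.9.2, which goes beyond the single struts jar this article addresses; it only reports and removes nothing.

```bash
#!/usr/bin/env bash
# Added example: file-name check for jars named in the CVE-2014-0114 description.
# Assumption: jars keep their standard <artifact>-<version>.jar names.

# Return 0 if dotted version $1 <= $2 (relies on GNU sort -V).
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "<reason><TAB><path>" for every flagged jar under directory $1.
# No output means nothing matched by name.
scan_cve_2014_0114() {
    local root="$1" jar name ver
    find "$root" -type f -name '*.jar' | sort | while IFS= read -r jar; do
        name="$(basename "$jar" .jar)"
        case "$name" in
            # Struts 1.x: struts-1.2.9.jar style, or struts-core-1.3.x.jar
            struts-1.*|struts-core-1.*)
                printf 'struts1\t%s\n' "$jar" ;;
            # commons-beanutils through 1.9.2, per the CVE description
            commons-beanutils-[0-9]*)
                ver="${name#commons-beanutils-}"
                if version_le "$ver" "1.9.2"; then
                    printf 'beanutils<=1.9.2\t%s\n' "$jar"
                fi ;;
        esac
    done
}

# Stand-alone use: pass the install root, for example the DevTest home
# from the scanner finding: /opt/disk1/Lisa/Env1/Devtest10.7
if [ "$#" -gt 0 ]; then
    scan_cve_2014_0114 "$1"
fi
```

Run it once before removing the jar and once after; the struts1 line for lib/shared/struts-1.2.9.jar should be gone in the second run.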