CentOS Update For Struts CESA-2014:0474 Centos5 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114) All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.

Affected

struts on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2014-May/020284.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0114

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0344 (libsoup)
CentOS Security Advisory CESA-2009:0337 (php)
CentOS Security Advisory CESA-2009:0003 (xen)
CentOS Security Advisory CESA-2009:0420 (ghostscript)
CentOS Security Advisory CESA-2009:1163 (seamonkey)

CentOS Update for struts CESA-2014:0474 centos5

Take action and discover your vulnerabilities