Oval Definition: oval:com.redhat.rhsa:def:20140474
Revision Date: 2014-05-07
Version: 641
Title: RHSA-2014:0474: struts security update (Important)
Description: Apache Struts is a framework for building web applications with Java.

  • It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

    All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.

Family: unix
Class: patch
Status:
Reference(s): CVE-2014-0114, RHSA-2014:0474, RHSA-2014:0474-00, RHSA-2014:0474-01
Platform(s): Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
    • Red Hat Enterprise Linux 5 is installed
    • AND
      • struts is earlier than 0:1.2.9-4jpp.8.el5_10
        AND struts is signed with Red Hat redhatrelease2 key
      • struts-javadoc is earlier than 0:1.2.9-4jpp.8.el5_10
        AND struts-javadoc is signed with Red Hat redhatrelease2 key
      • struts-manual is earlier than 0:1.2.9-4jpp.8.el5_10
        AND struts-manual is signed with Red Hat redhatrelease2 key
      • struts-webapps-tomcat5 is earlier than 0:1.2.9-4jpp.8.el5_10
        AND struts-webapps-tomcat5 is signed with Red Hat redhatrelease2 key