Vulnerability Name: | CVE-2014-0116 (CCN-93024) |
Assigned: | 2013-12-03 |
Published: | 2014-05-05 |
Updated: | 2019-08-12 |
Summary: | CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. Note: this vulnerability exists because of an incomplete fix for CVE-2014-0113.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
|
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P); 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): Partial |
CVSS v2 Severity: | 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N); 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
|
Vulnerability Type: | CWE-264
|
Vulnerability Consequences: | Bypass Security |
References: | Source: MITRE Type: CNA CVE-2014-0116
Source: SECUNIA Type: UNKNOWN 59816
Source: CONFIRM Type: UNKNOWN http://struts.apache.org/release/2.3.x/docs/s2-022.html
Source: CONFIRM Type: UNKNOWN http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
Source: CCN Type: IBM Security Bulletin 1020893 IBM Platform Symphony (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
Source: CCN Type: IBM Security Bulletin 1020894 IBM Platform Cluster Manager (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
Source: CCN Type: IBM Security Bulletin 1020895 IBM Platform HPC (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
Source: CCN Type: IBM Security Bulletin 1020896 IBM Platform Application Center (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
Source: CCN Type: IBM Security Bulletin 1674113 Security exposures in IBM Social Media Analytics and IBM Social Media Analytics on Cloud (CVE-2014-0116 and CVE-2014-0114)
Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Source: CCN Type: OSVDB ID: 106550 Apache Struts CookieInterceptor Unspecified Bypass getClass() Method Privilege Escalation
Source: BID Type: UNKNOWN 67218
Source: CCN Type: BID-67218 Apache Struts 'CookieInterceptor' Security Bypass Vulnerability
Source: CCN Type: S2-022 Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals
Source: XF Type: UNKNOWN apache-struts-cve20140116-sec-bypass(93024)
Source: CCN Type: IBM Security Bulletin 6620351 (Call Center for Commerce) IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)
Source: CCN Type: IBM Security Bulletin 6620355 (Sterling Order Management) IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)
|
Vulnerable Configuration: | Configuration 1: cpe:/a:apache:struts:2.0.0:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.4:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.5:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.6:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.7:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.8:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.9:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.10:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.11:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.11.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.11.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.12:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.13:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.14:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.0:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.4:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.5:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.6:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.8:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.8.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.1.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.3.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.1.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.1.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.4:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.4.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.7:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.8:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.12:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.15:*:*:*:*:*:*:*OR 
cpe:/a:apache:struts:2.3.15.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.15.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.15.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.16:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.16.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.16.2:*:*:*:*:*:*:* Configuration CCN 1: cpe:/a:apache:struts:2.0.8:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.5:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.6:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.9:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.10:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.11:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.11.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.11.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.0:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.12:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.13:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.14:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.4:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.0.7:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.0:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.4:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.5:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.6:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.8:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.1.8.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.1.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.15:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.15.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.2.3.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.8:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.7:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.4.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.4:*:*:*:*:*:*:*OR 
cpe:/a:apache:struts:2.3.3:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.1.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.1.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.12:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.14.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.15.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.16:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.15.2:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.16.1:*:*:*:*:*:*:*OR cpe:/a:apache:struts:2.3.16.2:*:*:*:*:*:*:*AND cpe:/a:ibm:platform_symphony:5.2:*:*:*:*:*:*:*OR cpe:/a:ibm:platform_symphony:6.1.1:*:*:*:*:*:*:*