...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | ClassLoader manipulation |
Maximum security rating | High |
Recommendation | Developers should immediately upgrade to Struts 2.3.16.2 |
Affected Software | Struts 2.0.0 - Struts 2.3.16.1 |
Reporter | Taki Uchiyama (JPCERT/CC), |
CVE Identifier | CVE-2014-0112 - Incomplete fix for ClassLoader manipulation via ParametersInterceptor; CVE-2014-0113 - ClassLoader manipulation via CookieInterceptor when configured to accept all cookies |
...