...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | ClassLoader manipulation |
Maximum security rating | HighImportant |
Recommendation | Developers should immediately upgrade to Struts 2.3.20 |
Affected Software | Struts 2.0.0 - Struts 2.3.16.3 |
Reporter | NTT-CERT via JPCERT/CC, |
CVE Identifier | CVE-2014-0112 - Incomplete fix for ClassLoader manipulation via ParametersInterceptor; CVE-2014-0113 - ClassLoader manipulation via CookieInterceptor when configured to accept all cookies |
...