Struts 1 Classloader Vulnerability


Vulnerability of Apache Struts 1: code execution via ClassLoader (CVE-2014-0114)

Synthesis of the vulnerability: an attacker can use the 'class' parameter to manipulate the ClassLoader in order to execute code. The root cause is the way Struts 1 populates an ActionForm from request parameters: the parameter name is treated as a bean property path, and a path beginning with 'class' resolves to the form's getClass() result, from which getClassLoader() and the container's classloader internals become reachable as writable properties.

Scanner description (Struts 1): the version of Struts in use contains a flaw that allows manipulation of the ClassLoader via the 'class' parameter of an ActionForm object, which results in a denial of service. Note that this vulnerability may be exploited to execute arbitrary remote code in certain application servers with specific configurations; however, Nessus has not

Scanner description (Struts 2, the related bug in the Struts 2 parameter handling): the version of Apache Struts running on the remote host is 2.x prior to 2.3.20. It is therefore affected by multiple class loader vulnerabilities:
- A class loader vulnerability exists in ParametersInterceptor due to improper access restriction to the getClass method. A remote, unauthenticated attacker can exploit this to manipulate the

Question posted about reproducing the issue:

In Struts 1, I heard that there is a classloader vulnerability issue which is caused by CVE-2014-0114. But I am unable to reproduce this with respect to my project. Can anyone help me with how to reproduce this issue? I googled but did not get any procedure for reproducing it.
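The practical mitigation for a Struts 1 application (the framework is end-of-life and ships no fix) is to reject, before the ActionServlet ever populates a form bean, any request parameter whose property path passes through 'class'. The servlet filter below is an added example written for this page, not code from the Struts project or from the advisories quoted above. It assumes the javax.servlet API that Struts 1 targets; the regular expression is modelled on the pattern Struts 2.3.16.1 added to its excludeParams for the same class of bug, and whether it is strict enough for a given application (for instance one with a legitimate form property named 'class') is an assumption to check.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Rejects any request carrying a parameter whose name would make the
 * form-population step walk through getClass() (e.g. "class.classLoader...").
 * Map it in web.xml to the ActionServlet's url-pattern (or "/*"), ahead of any
 * other filter, so the ActionForm is never populated from such a request.
 */
public class ClassParameterFilter implements Filter {

    // Matches a property path whose first or any later segment is "class"
    // (either case), written as class.x, class[...] or ['class'] / ["class"].
    // Modelled on the Struts 2.3.16.1 excludeParams entry; assumption: adjust
    // if your forms legitimately expose a property named "class".
    static final Pattern CLASS_ACCESS = Pattern.compile(
        "(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")\\]|\\[).*");

    static boolean isBlocked(String paramName) {
        return paramName != null && CLASS_ACCESS.matcher(paramName).matches();
    }

    public void init(FilterConfig cfg) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // Raw Enumeration keeps this compiling on Servlet 2.5 as well as 3.x.
            Enumeration<?> names = req.getParameterNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                if (isBlocked(name)) {
                    // Refuse the whole request rather than silently dropping the
                    // parameter, so probes show up as 400s in the access log.
                    ((HttpServletResponse) res).sendError(
                        HttpServletResponse.SC_BAD_REQUEST, "rejected parameter name");
                    return;
                }
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }

    // Stand-alone check of the pattern against constructed parameter names.
    public static void main(String[] args) {
        String[] probes = {
            "class.classLoader.resources",   // blocked: direct getClass() traversal
            "Class.classLoader",             // blocked: capitalised variant
            "user.class.classLoader.x",      // blocked: nested under another bean
            "['class'].classLoader",         // blocked: bracket/quote form
            "classification",                // allowed: "class" is only a prefix
            "myClassName",                   // allowed
            "user.name"                      // allowed
        };
        for (String p : probes) {
            System.out.println((isBlocked(p) ? "BLOCK " : "allow ") + p);
        }
    }
}
```

Register the filter in web.xml with a filter-mapping whose url-pattern covers the ActionServlet (typically *.do or /*). The same isBlocked() check, or the pattern alone, can be run over captured parameter names from access or WAF logs to find past probes against a Struts 1 deployment.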

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Classloader

Struts 1 Classloader Exploit

Struts 1 Classloader Vulnerability

Struts 1 Classloader Manipulation Vulnerability Fix

Struts 1 classloader vulnerability module

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Struts 1 Classloader Vulnerability Definition

Sponsored Content

Struts 1 Classloader Vulnerability Assessment

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.