MGASA-2014-0219

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2014-0114

Published: 14 May 2014, 22:13

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 May 2014, 22:13

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated struts packages fix CVE-2014-0114 Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions (CVE-2014-0114).

Affected Systems

mageia•struts
< 1.3.10-3.1.mga3
mageia•struts
< 1.3.10-4.1.mga4

References (3)

https://advisories.mageia.org/MGASA-2014-0219.html
https://rhn.redhat.com/errata/RHSA-2014-0474.html
https://bugs.mageia.org/show_bug.cgi?id=13342