CVE-2014-0953
PUBLISHED
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Risk Scores
EPSS Score: 0.23% (45.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Exploit Intelligence
- cve-2015-9251 (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
- PoC for CVE-2015-9251, jQuery below 3.0.0. (github-poc)
…and 206 more exploits
Timeline
- Mar 6, 2014 PoC Published
- Aug 1, 2014 CVE Published
- Sep 6, 2015 PoC Published
- Feb 14, 2016 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21680230 advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21680194 advisory
- https://www-304.ibm.com/support/docview.wss?uid=swg21677032 advisory
- [apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 mailing-list
- 57477 third-party-advisory
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html url
- https://issues.apache.org/jira/browse/BEANUTILS-463 url
- 58710 third-party-advisory
- MDVSA-2014:095 vendor-advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html url
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html url
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html url
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html url
- http://www-01.ibm.com/support/docview.wss?uid=swg21675689 url
- FEDORA-2014-9380 vendor-advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21674812 url
- https://security.netapp.com/advisory/ntap-20140911-0001/ url
- 59464 third-party-advisory
- 59118 third-party-advisory
- https://security.netapp.com/advisory/ntap-20180629-0006/ url
…and 102 more