CVE-2014-0114 - Improper Input Validation vulnerability in Apache Commons Beanutils and Struts
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection: An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting: An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files: An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Exploit-Db
id | EDB-ID:41690 |
last seen | 2018-11-30 |
modified | 2014-03-06 |
published | 2014-03-06 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/41690 |
title | Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit) |
Metasploit
description | This module exploits a remote command execution vulnerability in Apache Struts versions 1.x (<= 1.3.10) and 2.x (< 2.3.16.2). In Struts 1.x the problem is related with the ActionForm bean population mechanism while in case of Struts 2.x the vulnerability is due to the ParametersInterceptor. Both allow access to 'class' parameter that is directly mapped to getClass() method and allows ClassLoader manipulation. As a result, this can allow remote attackers to execute arbitrary Java code via crafted parameters. |
id | MSF:EXPLOIT/MULTI/HTTP/STRUTS_CODE_EXEC_CLASSLOADER |
last seen | 2020-06-05 |
modified | 2019-01-29 |
published | 2014-04-29 |
references |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/struts_code_exec_classloader.rb |
title | Apache Struts ClassLoader Manipulation Remote Code Execution |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2014-0500.NASL |
description | Updated struts packages that fix one security issue are now available for Red Hat Network Satellite 5.4 and 5.5, and Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79018 |
published | 2014-11-08 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/79018 |
title | RHEL 6 : struts (RHSA-2014:0500) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0500. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(79018);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:38");

      script_cve_id("CVE-2014-0114");
      script_bugtraq_id(67121);
      script_xref(name:"RHSA", value:"2014:0500");

      script_name(english:"RHEL 6 : struts (RHSA-2014:0500)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated struts packages that fix one security issue are now available for Red Hat Network Satellite 5.4 and 5.5, and Red Hat Satellite 5.6.
    The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
    Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool.
    Apache Struts is a framework for building web applications with Java.
    It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)
    All Satellite users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For this update to take effect, the tomcat6 service must be restarted ('service tomcat6 restart')."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0114"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-extras");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-taglib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-tiles");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2014:0500";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"struts-1.3.10-6.ep5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"struts-core-1.3.10-6.ep5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"struts-extras-1.3.10-6.ep5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"struts-taglib-1.3.10-6.ep5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"struts-tiles-1.3.10-6.ep5.el6")) flag++;

      if (flag)
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "struts / struts-core / struts-extras / struts-taglib / struts-tiles");
      }
    }

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2014-095.NASL |
description | Updated struts packages fix security vulnerability : It was found that the Struts 1 ActionForm object allowed access to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 74073 |
published | 2014-05-19 |
reporter | This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/74073 |
title | Mandriva Linux Security Advisory : struts (MDVSA-2014:095) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:095.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(74073);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:56");

      script_cve_id("CVE-2014-0114");
      script_xref(name:"MDVSA", value:"2014:095");

      script_name(english:"Mandriva Linux Security Advisory : struts (MDVSA-2014:095)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mandriva Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated struts packages fix security vulnerability :
    It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions (CVE-2014-0114)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0219.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected struts and / or struts-javadoc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:struts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:struts-javadoc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/19");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK-MBS1", reference:"struts-1.3.10-3.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"struts-javadoc-1.3.10-3.1.mbs1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | Misc. |
NASL id | ORACLE_OAAM_CPU_OCT_2014.NASL |
description | The remote Oracle Adaptive Access Manager installation is missing a vendor supplied update that fixes a flaw in Apache Struts which allows remote attackers to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 78700 |
published | 2014-10-28 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/78700 |
title | Oracle Adaptive Access Manager Server Arbitrary Code Execution (October 2014 CPU) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(78700);
      script_version("1.10");
      script_cvs_date("Date: 2018/11/15 20:50:23");

      script_cve_id("CVE-2014-0114");
      script_bugtraq_id(67121);

      script_name(english:"Oracle Adaptive Access Manager Server Arbitrary Code Execution (October 2014 CPU)");
      script_summary(english:"Checks for the patch.");

      script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Oracle Adaptive Access Manager installation is missing a vendor supplied update that fixes a flaw in Apache Struts which allows remote attackers to execute arbitrary code.");
      # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ada40cc");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the October 2014 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/28");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");

      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

      script_dependencies("oracle_adaptive_access_manager_installed.nbin");
      script_require_keys("installed_sw/Oracle Adaptive Access Manager");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("oracle_rdbms_cpu_func.inc");
    include("misc_func.inc");
    include("install_func.inc");

    product = "Oracle Adaptive Access Manager";
    install = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);
    version = install['version'];
    path = install['path'];

    fixed = NULL;
    patch = NULL;
    report = NULL;

    if (version =~ "^11\.1\.1\.5(\.|$)")
      fixed = "11.1.1.5.3";
    else if (version =~ "^11\.1\.1\.7(\.0|$)")
      patch = '19768130';
    else if (version =~ "^11\.1\.2\.1(\.|$)")
      fixed = "11.1.2.1.3";
    else if (version =~ "^11\.1\.2\.2(\.|$)")
      fixed = "11.1.2.2.1";

    if (!isnull(patch))
    {
      patches = find_patches_in_ohomes(ohomes:make_list(path));
      vuln = TRUE;
      if (!empty_or_null(patches))
        if (!isnull(patches[path][patch])) vuln = FALSE;

      if (vuln)
      {
        report =
          '\n Path : ' + path +
          '\n Installed version : ' + version +
          '\n Required patch : ' + patch +
          '\n';
      }
    }
    else if (!isnull(fixed))
    {
      if (ver_compare(ver:version, fix:fixed, strict:FALSE) < 0)
      {
        report =
          '\n Path : ' + path +
          '\n Installed version : ' + version +
          '\n Fixed version : ' + fixed +
          '\n';
      }
    }

    if (isnull(report)) audit(AUDIT_INST_PATH_NOT_VULN, product, version, path);

    if (report_verbosity > 0) security_hole(port:0, extra:report);
    else security_hole(port:0);

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2014-0474.NASL |
description | Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 73922 |
published | 2014-05-09 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/73922 |
title | CentOS 5 : struts (CESA-2014:0474) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0474 and
    # CentOS Errata and Security Advisory 2014:0474 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(73922);
      script_version("1.10");
      script_cvs_date("Date: 2020/01/06");

      script_cve_id("CVE-2014-0114");
      script_bugtraq_id(67121);
      script_xref(name:"RHSA", value:"2014:0474");

      script_name(english:"CentOS 5 : struts (CESA-2014:0474)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
    The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
    Apache Struts is a framework for building web applications with Java.
    It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)
    All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-May/020284.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4770c1cd"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected struts packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0114");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:struts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:struts-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:struts-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:struts-webapps-tomcat5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"struts-1.2.9-4jpp.8.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"struts-javadoc-1.2.9-4jpp.8.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"struts-manual-1.2.9-4jpp.8.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_HOLE,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "struts / struts-javadoc / struts-manual / struts-webapps-tomcat5");
    }

NASL family | CGI abuses |
NASL id | ORACLE_EDQ_OCT_2014_CPU.NASL |
description | The version of Oracle Enterprise Data Quality running on the remote host is affected by multiple vulnerabilities : - A flaw in Apache Commons BeanUtils allows a remote attacker to execute arbitrary code by manipulating the ClassLoader. (CVE-2014-0114) - A flaw in Apache Tomcat allows a remote attacker to replace the XML parsers and thereby gain access to sensitive information. (CVE-2014-0119) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 78749 |
published | 2014-10-30 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/78749 |
title | Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(78749);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/25");

      script_cve_id("CVE-2014-0114", "CVE-2014-0119");
      script_bugtraq_id(67121, 67669);

      script_name(english:"Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)");
      script_summary(english:"Checks the versions.");

      script_set_attribute(attribute:"synopsis", value:
    "The remote host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Data Quality running on the remote host is affected by multiple vulnerabilities :
    - A flaw in Apache Commons BeanUtils allows a remote attacker to execute arbitrary code by manipulating the ClassLoader. (CVE-2014-0114)
    - A flaw in Apache Tomcat allows a remote attacker to replace the XML parsers and thereby gain access to sensitive information. (CVE-2014-0119)");
      # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ada40cc");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the October 2014 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/30");

      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");

      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("oracle_edq_director_detect.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Data Quality Director");
      script_require_ports("Services/www", 9002);

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    include("http.inc");

    port = get_http_port(default:9002);

    app_name = "Oracle Enterprise Data Quality Director";

    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE, port:port);

    version = install["version"];
    path = install["path"];

    item = eregmatch(pattern:"^([0-9.]+[0-9])\.?([^0-9.]|$)", string:version);
    # should never happen
    if (isnull(item) || isnull(item[1])) exit(1, "Error parsing version string : " + version);

    chk_ver = item[1];

    fix = "";

    if (
      chk_ver =~ "^9\.0\." &&
      ver_compare(ver:chk_ver, fix:"9.0.11", strict:FALSE) == -1
    ) fix = "9.0.11";

    # Looks like Oracle mis-published the patch for this
    # Leaving check out until the correct patch is published
    #if (version =~ "^8\.1\." &&
    # ver_compare(ver:version, fix:"8.1.12", strict:FALSE) == -1)
    # fix = "8.1.12";

    if (fix != "")
    {
      if (report_verbosity > 0)
      {
        report +=
          '\n URL : ' + build_url(port:port, qs:path) +
          '\n Installed version : ' + version +
          '\n Fixed version : ' + fix + '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, app_name, version);


NASL family Scientific Linux Local Security Checks
NASL id SL_20140507_STRUTS_ON_SL5_X.NASL
description It was found that the Struts 1 ActionForm object allowed access to the
last seen 2020-03-18
modified 2014-05-08
plugin id 73907
published 2014-05-08
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/73907
title Scientific Linux Security Update : struts on SL5.x i386/x86_64 (20140507)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(73907);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0114");

  script_name(english:"Scientific Linux Security Update : struts on SL5.x i386/x86_64 (20140507)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114) All running applications using struts must be restarted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1405&L=scientific-linux-errata&T=0&P=186
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8c79ae99"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:struts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:struts-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:struts-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:struts-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:struts-webapps-tomcat5");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"struts-1.2.9-4jpp.8.el5_10")) flag++;
if (rpm_check(release:"SL5", reference:"struts-debuginfo-1.2.9-4jpp.8.el5_10")) flag++;
if (rpm_check(release:"SL5", reference:"struts-javadoc-1.2.9-4jpp.8.el5_10")) flag++;
if (rpm_check(release:"SL5", reference:"struts-manual-1.2.9-4jpp.8.el5_10")) flag++;
if (rpm_check(release:"SL5", reference:"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "struts / struts-debuginfo / struts-javadoc / struts-manual / etc");
}

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-2940.NASL
description It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.
last seen 2020-03-17
modified 2014-08-22
plugin id 77306
published 2014-08-22
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/77306
title Debian DSA-2940-1 : libstruts1.2-java - security update
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2940. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77306);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0114");
  script_bugtraq_id(67121);
  script_xref(name:"DSA", value:"2940");

  script_name(english:"Debian DSA-2940-1 : libstruts1.2-java - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/libstruts1.2-java"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2014/dsa-2940"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the libstruts1.2-java packages. For the stable distribution (wheezy), this problem has been fixed in version 1.2.9-5+deb7u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libstruts1.2-java");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"7.0", prefix:"libstruts1.2-java", reference:"1.2.9-5+deb7u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family CGI abuses
NASL id ACTIVEMQ_5_15_5.NASL
description The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities.
last seen 2020-06-01
modified 2020-06-02
plugin id 112192
published 2018-08-30
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/112192
title Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(112192);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/04");

  script_cve_id(
    "CVE-2012-0881",
    "CVE-2014-0114",
    "CVE-2015-5182",
    "CVE-2016-3092",
    "CVE-2016-5425",
    "CVE-2016-6325",
    "CVE-2016-8735",
    "CVE-2018-7489",
    "CVE-2018-8006"
  );
  script_bugtraq_id(
    67121,
    68753,
    91453,
    93472,
    93478,
    94463,
    103203,
    105156
  );

  script_name(english:"Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of ActiveMQ.");

  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"http://activemq.apache.org/activemq-5155-release.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache ActiveMQ version 5.15.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7489");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:activemq");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("activemq_web_console_detect.nasl");
  script_require_keys("installed_sw/ActiveMQ");
  script_require_ports("Services/www", 8161);

  exit(0);
}

include("http.inc");
include("vcf.inc");

app = 'ActiveMQ';
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:8161);
app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

constraints = [
  { "min_version" : "5.0.0", "max_version" : "5.15.4", "fixed_version" : "5.15.5" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE, xsrf:TRUE});

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2014-0474.NASL
description Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the
last seen 2020-06-01
modified 2020-06-02
plugin id 73901
published 2014-05-07
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/73901
title RHEL 5 : struts (RHSA-2014:0474)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:0474. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(73901);
  script_version("1.14");
  script_cvs_date("Date: 2019/10/24 15:35:38");

  script_cve_id("CVE-2014-0114");
  script_bugtraq_id(67121);
  script_xref(name:"RHSA", value:"2014:0474");

  script_name(english:"RHEL 5 : struts (RHSA-2014:0474)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114) All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2014:0474"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-0114"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:struts-webapps-tomcat5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2014:0474";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"struts-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"struts-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"struts-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"struts-debuginfo-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"struts-debuginfo-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"struts-debuginfo-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"struts-javadoc-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"struts-javadoc-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"struts-javadoc-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"struts-manual-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"struts-manual-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"struts-manual-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "struts / struts-debuginfo / struts-javadoc / struts-manual / etc");
  }
}

NASL family Misc.
NASL id VMWARE_VCENTER_VMSA-2014-0008.NASL
description The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries :
- The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114)
- The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050)
- The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter.
last seen 2020-06-01
modified 2020-06-02
plugin id 77728
published 2014-09-17
reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/77728
title VMware Security Updates for vCenter Server (VMSA-2014-0008)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77728);
  script_version("1.12");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id(
    "CVE-2013-4322", "CVE-2013-4590", "CVE-2013-6629", "CVE-2013-6954",
    "CVE-2014-0050", "CVE-2014-0114", "CVE-2014-0429", "CVE-2014-0432",
    "CVE-2014-0446", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452",
    "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456",
    "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460",
    "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2401",
    "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2409", "CVE-2014-2412",
    "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421",
    "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428"
  );
  script_bugtraq_id(
    63676, 64493, 65400, 65568, 65767, 65768, 66856, 66866, 66870,
    66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894,
    66897, 66898, 66899, 66902, 66903, 66905, 66907, 66909, 66910,
    66911, 66914, 66915, 66916, 66917, 66918, 66919, 67121
  );
  script_xref(name:"VMSA", value:"2014-0008");

  script_name(english:"VMware Security Updates for vCenter Server (VMSA-2014-0008)");
  script_summary(english:"Checks the version of VMware vCenter.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a virtualization management application installed that is affected by multiple security vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries :
 - The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114)
 - The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050)
 - The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0008.html");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000280.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMware vCenter Server 5.5u2 (5.5.0 build-2001466) / 5.1u3 (5.1.0 build-2306353) / 5.0u3c (5.0.0 build-2210222) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("vmware_vcenter_detect.nbin");
  script_require_keys("Host/VMware/vCenter", "Host/VMware/version", "Host/VMware/release");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

port = get_kb_item_or_exit("Host/VMware/vCenter");
version = get_kb_item_or_exit("Host/VMware/version");
release = get_kb_item_or_exit("Host/VMware/release");

# Extract and verify the build number
build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\.]+ build-([0-9]+)$', string:release, replace:"\1");
if (build !~ '^[0-9]+$') exit(1, 'Failed to extract the build number from the release string.');

release = release - 'VMware vCenter Server ';

# Check version and build numbers
if (version =~ '^VMware vCenter 5\\.0$' && int(build) < 2210222) fixversion = '5.0.0 build-2210222';
else if (version =~ '^VMware vCenter 5\\.1$' && int(build) < 2306353) fixversion = '5.1.0 build-2306353';
else if (version =~ '^VMware vCenter 5\\.5$' && int(build) < 2001466) fixversion = '5.5.0 build-2001466';
else audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release);

if (report_verbosity > 0)
{
  report =
    '\n Installed version : ' + release +
    '\n Fixed version : ' + fixversion +
    '\n';
  security_hole(port:port, extra:report);
}
else security_hole(port);

NASL family Misc.
NASL id ORACLE_IDENTITY_MANAGEMENT_CPU_OCT_2014.NASL
description The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities :
- The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of an ActionForm object. This can be used to manipulate the ClassLoader or execute arbitrary code. (CVE-2014-0114)
- The application is subject to a cross-site redirection attack because user-supplied input to the
last seen 2020-06-01
modified 2020-06-02
plugin id 78542
published 2014-10-17
reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/78542
title Oracle Identity Manager (October 2014 CPU
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(78542);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_cve_id("CVE-2014-0114", "CVE-2014-2880", "CVE-2014-6487");
  script_bugtraq_id(66615, 67121, 70458);
  script_xref(name:"EDB-ID", value:"32670");

  script_name(english:"Oracle Identity Manager (October 2014 CPU");
  script_summary(english:"Checks for the October 2014 CPU.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities :
 - The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of an ActionForm object. This can be used to manipulate the ClassLoader or execute arbitrary code. (CVE-2014-0114)
 - The application is subject to a cross-site redirection attack because user-supplied input to the 'backUrl' parameter is not properly validated. (CVE-2014-2880)
 - An unspecified vulnerability exists in the End User Self Service component. (CVE-2014-6487).");
  # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ada40cc");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2014 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:identity_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("oracle_identity_management_installed.nbin");
  script_require_keys("installed_sw/Oracle Identity Manager");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("oracle_rdbms_cpu_func.inc");
include("misc_func.inc");
include("install_func.inc");

product = "Oracle Identity Manager";
install = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];

fixed = NULL;
patch = NULL;
report = NULL;

# 11.1.1.x is checked by patch ID, 11.1.2.x by fixed version.
# The version branches assign 'fixed', the variable the comparison below reads.
if (version =~ "^11\.1\.1\.7(\.[01])?$")
  patch = '19666962';
else if (version =~ "^11\.1\.1\.5(\.[0-9]|\.1[01])?$")
  patch = '19696852';
else if (version =~ "^11\.1\.2\.1(\.0|$)")
  fixed = '11.1.2.1.9';
else if (version =~ "^11\.1\.2\.2(\.0|$)")
  fixed = '11.1.2.2.4';

if (!isnull(patch))
{
  patches = find_patches_in_ohomes(ohomes:make_list(path));
  vuln = TRUE;
  if (!empty_or_null(patches))
    if (!isnull(patches[path][patch])) vuln = FALSE;

  if (vuln)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version +
      '\n Required patch : ' + patch +
      '\n';
  }
}
else if (!isnull(fixed))
{
  if (ver_compare(ver:version, fix:fixed, strict:FALSE) < 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed +
      '\n';
  }
}

if (isnull(report)) audit(AUDIT_INST_PATH_NOT_VULN, product, version, path);

if (report_verbosity > 0) security_hole(port:0, extra:report);
else security_hole(port:0);

NASL family Denial of Service
NASL id STRUTS_CLASSLOADER_MANIPULATION.NASL
description The remote web application appears to use Struts, a web application framework. The version of Struts in use contains a flaw that allows the manipulation of the ClassLoader via the
last seen 2020-06-01
modified 2020-06-02
plugin id 73919
published 2014-05-08
reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/73919
title Apache Struts ClassLoader Manipulation
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(73919);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2014-0114");
  script_bugtraq_id(67121);

  script_name(english:"Apache Struts ClassLoader Manipulation");
  script_summary(english:"Exploits a DoS condition.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a web application that uses a Java framework that is affected by a ClassLoader manipulation vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote web application appears to use Struts, a web application framework. The version of Struts in use contains a flaw that allows the manipulation of the ClassLoader via the 'class' parameter of an ActionForm object that results a denial of service.
Note that this vulnerability may be exploited to execute arbitrary remote code in certain application servers with specific configurations; however, Nessus has not tested for this issue.
Additionally, note that this plugin will only report the first vulnerable instance of a Struts application.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2014/Apr/177");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1091938");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/solutions/869353");
  script_set_attribute(attribute:"see_also", value:"https://struts.apache.org/struts1eol-announcement.html");
  # https://community.hpe.com/t5/custom/page/page-id/HPPSocialUserSignonPage?redirectreason=permissiondenied&referer=https%3A%2F%2Fcommunity.hpe.com%2Ft5%2FModeration-and-Management-Mods%2Fct-p%2FModeration#.U2eVtKJ6Nat
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8458fe5f");
  script_set_attribute(attribute:"solution", value:
"Unknown at this time. Note that Struts 1 has reached end-of-life and is no longer supported.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:struts");
  script_end_attributes();

  script_category(ACT_DENIAL);
  script_family(english:"Denial of Service");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl", "webmirror.nasl");
  script_require_ports("Services/www", 80, 8080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");

port = get_http_port(default:8080);
cgis = get_kb_list('www/' + port + '/cgi');

urls = make_list();
# To identify actions that we can test the exploit on we will look
# for files with the .action and .do suffix from the KB.
if (!isnull(cgis))
{
  foreach cgi (cgis)
  {
    match = eregmatch(pattern:"((^.*)(/.+\.act(ion)?)($|\?|;))", string:cgi);
    if (!isnull(match))
    {
      urls = make_list(urls, match[0]);
      if (!thorough_tests) break;
    }
    match2 = eregmatch(pattern:"(^.*)(/.+\.do)$", string:cgi);
    if (!isnull(match2))
    {
      urls = make_list(urls, match2[0]);
      if (!thorough_tests) break;
    }
  }
}
if (thorough_tests)
{
  cgi2 = get_kb_list('www/' + port + '/content/extensions/act*');
  if (!isnull(cgi2)) urls = make_list(urls, cgi2);

  cgi3 = get_kb_list('www/' + port + '/content/extensions/do');
  if (!isnull(cgi3)) urls = make_list(urls, cgi3);
}

if (max_index(urls) == 0)
  audit(AUDIT_WEB_FILES_NOT, "Struts .do / .action", port);

urls = list_uniq(urls);

script = SCRIPT_NAME - ".nasl" + "-" + unixtime();

foreach url (urls)
{
  res = http_send_recv3(
    method : "GET",
    port : port,
    item : url,
    exit_on_fail : TRUE
  );
  if (res[0] != "404 Not Found")
  {
    vuln_url = url + "?class.classLoader.resources.dirContext.docBase=" +script;

    res2 = http_send_recv3(
      method : "GET",
      port : port,
      item : vuln_url,
      exit_on_fail : FALSE
    );
    if ( (res2[0] =~ "200 OK|500 Internal Server Error") )
    {
      sleep(4);
      # One more check to ensure application is dead
      res = http_send_recv3(
        method : "GET",
        item : url,
        port : port,
        fetch404 : TRUE,
        exit_on_fail : TRUE
      );
      if (res[0] =~ "404 Not Found")
      {
        vuln = TRUE;
        # Stop after first vulnerable Struts app is found
        break;
      }
    }
  }
}

if (!vuln) exit(0, 'No vulnerable applications were detected on the web server listening on port '+port+'.');

security_report_v4(
  port : port,
  severity : SECURITY_HOLE,
  generic : TRUE,
  request : make_list(build_url(qs:vuln_url, port:port)),
  output : chomp(res[2])
);
NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_8_5_0_0_CF02.NASL
description: The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79216
published: 2014-11-12
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79216
title: IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79216);
  script_version("1.10");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2014-0114",
    "CVE-2014-3083",
    "CVE-2014-4761",
    "CVE-2014-4762",
    "CVE-2014-4792",
    "CVE-2014-6093"
  );
  script_bugtraq_id(
    67121,
    69298,
    69733,
    69734,
    70322,
    71358
  );

  script_name(english:"IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote host is
affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the
    Apache Struts ClassLoader. A remote attacker can exploit
    this issue by manipulating the 'class' parameter of an
    ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  - An unspecified information disclosure vulnerability
    exists which allows a remote attacker to gain access to
    sensitive information. (CVE-2014-3083)

  - An information disclosure vulnerability exists which
    allows a remote, authenticated attacker to gain access
    to sensitive information, such as user credentials,
    through certain HTML pages. (CVE-2014-4761)

  - An unspecified cross-site scripting vulnerability exists
    due to improper validation of user input. This can be
    exploited by a remote, authenticated attacker to execute
    code in the security context of a user's browser.
    (CVE-2014-4762)

  - An unrestricted file upload vulnerability exists which
    allows a remote, authenticated attacker to upload large
    files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified cross-site scripting vulnerability exists
    that allows remote, authenticated attackers to execute
    arbitrary code via a specially crafted URL.
    (CVE-2014-6093)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21684652");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_cve_2014_3083_cve_2014_4761?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa26251e");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21681998");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_cve_2014_4762_cve_2014_4792?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11287c08");
  script_set_attribute(attribute:"solution", value:
"IBM has published a cumulative fix (CF02) for WebSphere Portal
8.5.0.0. Refer to IBM's advisory for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list("8.5.0.0, 8.5.0.0"),
  fix:"CF02",
  severity:SECURITY_HOLE,
  xss:TRUE
);
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-9380.NASL
description: fix CVE-2014-0114 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-08-23
plugin id: 77351
published: 2014-08-23
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77351
title: Fedora 20 : struts-1.3.10-10.fc20 (2014-9380)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-9380.
#

include("compat.inc");

if (description)
{
  script_id(77351);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0114");
  script_bugtraq_id(67121);
  script_xref(name:"FEDORA", value:"2014-9380");

  script_name(english:"Fedora 20 : struts-1.3.10-10.fc20 (2014-9380)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"fix CVE-2014-0114

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2fa0f7b0"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected struts package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:struts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"struts-1.3.10-10.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "struts");
}
NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_7_0_0_2_CF29.NASL
description: The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79691
published: 2014-12-03
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79691
title: IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79691);
  script_version("1.18");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2014-0114",
    "CVE-2014-0910",
    "CVE-2014-0949",
    "CVE-2014-0952",
    "CVE-2014-0953",
    "CVE-2014-0954",
    "CVE-2014-0956",
    "CVE-2014-0959",
    "CVE-2014-3083",
    "CVE-2014-3102",
    "CVE-2014-4746",
    "CVE-2014-4760",
    "CVE-2014-4761",
    "CVE-2014-4792",
    "CVE-2014-4808",
    "CVE-2014-4814",
    "CVE-2014-4821",
    "CVE-2014-6093",
    "CVE-2014-6215",
    "CVE-2014-8909",
    "CVE-2015-1943"
  );
  script_bugtraq_id(
    67121,
    67413,
    67417,
    67418,
    67419,
    67421,
    68011,
    69042,
    69044,
    69045,
    69047,
    69298,
    69734,
    70322,
    70755,
    70757,
    70758,
    71358,
    71728,
    73958
  );

  script_name(english:"IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote host is
7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple
vulnerabilities :

  - A remote code execution vulnerability exists in the
    Apache Struts ClassLoader. A remote attacker can exploit
    this issue by manipulating the 'class' parameter of an
    ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  - A cross-site scripting vulnerability exists which allows
    a remote, authenticated attacker to inject arbitrary web
    script or HTML. (CVE-2014-0910)

  - An unspecified denial of service vulnerability exists
    that allows a remote attacker to crash the host by
    sending a specially crafted web request to cause a
    consumption of resources. (CVE-2014-0949)

  - A cross-site scripting vulnerability exists in the
    'boot_config.jsp' script due to improper validation of
    user-supplied input. An attacker can exploit this issue
    to execute arbitrary script code in the security context
    of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists
    due to improper validation of user-supplied input.
    (CVE-2014-0953)

  - A privilege escalation vulnerability exists in the Web
    Content Viewer portlet due to improper handling of JSP
    includes. A remote attacker can exploit this issue to
    obtain sensitive information, cause a denial of service,
    or control the request dispatcher by sending a specially
    crafted URL request. (CVE-2014-0954)

  - An unspecified cross-site scripting vulnerability exists
    due to improper validation of user-supplied input. An
    attacker can exploit this issue to execute arbitrary
    script code in the security context of a user's web
    browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified denial of service vulnerability exists
    that allows an authenticated attacker to cause a
    successful login to loop back to the login page
    indefinitely. (CVE-2014-0959)

  - An unspecified information disclosure vulnerability
    exists which allows a remote attacker to gain access to
    sensitive information. (CVE-2014-3083)

  - An unspecified cross-site scripting vulnerability exists
    due to improper validation of user-supplied input. An
    attacker can exploit this issue to execute arbitrary
    script code in the security context of a user's browser.
    (CVE-2014-3102)

  - An information disclosure vulnerability exists due to
    the returned error codes which an attacker can use to
    identify devices behind a firewall. (CVE-2014-4746)

  - An unspecified open redirect vulnerability exists that
    allows an attacker to perform a phishing attack by
    enticing a user to click on a malicious URL.
    (CVE-2014-4760)

  - An information disclosure vulnerability exists which
    allows a remote, authenticated attacker to gain access
    to sensitive information, such as user credentials,
    through certain HTML pages. (CVE-2014-4761)

  - An unrestricted file upload vulnerability exists which
    allows a remote, authenticated attacker to upload large
    files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified vulnerability exists that allows an
    authenticated attacker to execute arbitrary code on the
    system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during
    entity expansion. A remote attacker, via a specially
    crafted XML document, can cause the system to crash,
    resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that
    allows a remote attacker to identify whether or not a
    file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified cross-site scripting vulnerability exists
    that allows a remote, authenticated attacker to execute
    arbitrary code via a specially crafted URL.
    (CVE-2014-6093)

  - An unspecified reflected cross-site scripting
    vulnerability exists due to improper validation of
    user-supplied input. A remote attacker can exploit this
    flaw using a specially crafted URL to execute arbitrary
    script code in a user's web browser within the security
    context of the hosting website. This allows an attacker
    to steal a user's cookie-based authentication
    credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting
    vulnerability exists due to improper validation of
    user-supplied input. A remote attacker can exploit this
    flaw using a specially crafted URL to execute arbitrary
    script code in a user's web browser within the security
    context of the hosting website. This allows an attacker
    to steal a user's cookie-based authentication
    credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling
    Portal requests. A remote attacker can exploit this to
    cause a consumption of CPU resources, resulting in a
    denial of service condition. (CVE-2015-1943)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672572");
  # http://www-01.ibm.com/support/docview.wss?uid=swg24029452#CF029
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a808243");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal 7.0.0.2 Cumulative Fix 29 (CF29) or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list("7.0.0.0, 7.0.0.2"),
  fix:"CF29",
  severity:SECURITY_HOLE,
  xss:TRUE
);
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-57.NASL
description: It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code. This update fixes this problem. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2015-03-26
plugin id: 82203
published: 2015-03-26
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82203
title: Debian DLA-57-1 : libstruts1.2-java security update
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-57-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82203);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0114");
  script_bugtraq_id(67121);

  script_name(english:"Debian DLA-57-1 : libstruts1.2-java security update");
  script_summary(english:"Checks dpkg output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that missing access checks in the Struts ActionForm
object could result in the execution of arbitrary code.

This update fixes this problem.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2014/09/msg00014.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/libstruts1.2-java"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the affected libstruts1.2-java package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libstruts1.2-java");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"6.0", prefix:"libstruts1.2-java", reference:"1.2.9-4+deb6u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2014-0008.NASL
description:
a. vCenter Server Apache Struts Update
The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue.
b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates
tc-server has been updated to version 2.9.5 to address multiple security issues. This version of tc-server includes Apache Tomcat 7.0.52. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050 to these issues.
c. Update to ESXi glibc package
glibc is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to these issues.
d. vCenter and Update Manager, Oracle JRE 1.7 Update 55
Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. The References section provides a link to this advisory.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77630
published: 2014-09-11
reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/77630
title: VMSA-2014-0008 : VMware vSphere product updates to third-party libraries
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory 2014-0008.
# The text itself is copyright (C) VMware Inc.
#

include("compat.inc");

if (description)
{
  script_id(77630);
  script_version("1.29");
  script_cvs_date("Date: 2019/09/26 15:14:18");

  script_cve_id("CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0050", "CVE-2014-0114");
  script_bugtraq_id(57638, 58839, 63676, 64493, 65400, 65568, 65767, 65768, 66856, 66866, 66870, 66873, 66877, 66879, 66881, 66883, 66886, 66887, 66891, 66893, 66894, 66897, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66908, 66909, 66910, 66911, 66912, 66913, 66914, 66915, 66916, 66917, 66918, 66919, 66920, 67121);
  script_xref(name:"VMSA", value:"2014-0008");

  script_name(english:"VMSA-2014-0008 : VMware vSphere product updates to third-party libraries");
  script_summary(english:"Checks esxupdate output for the patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote VMware ESXi host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"a. vCenter Server Apache Struts Update

   The Apache Struts library is updated to address a security issue.

   This issue may lead to remote code execution after authentication.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the identifier CVE-2014-0114 to this issue.

b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates

   tc-server has been updated to version 2.9.5 to address multiple
   security issues. This version of tc-server includes Apache Tomcat
   7.0.52.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and
   CVE-2014-0050 to these issues.

c. Update to ESXi glibc package

   glibc is updated to address multiple security issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to
   these issues.

d. vCenter and Update Manager, Oracle JRE 1.7 Update 55

   Oracle has documented the CVE identifiers that are addressed in
   JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update
   Advisory of April 2014. The References section provides a link to
   this advisory."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2014/000282.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patch.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}

include("audit.inc");
include("vmware_esx_packages.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);

init_esx_check(date:"2014-09-09");
flag = 0;

if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-base:5.1.0-2.47.2323231")) flag++;

if (esx_check(ver:"ESXi 5.5", vib:"VMware:esx-base:5.5.0-1.30.1980513")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201607-09.NASL
description: The remote host is affected by the vulnerability described in GLSA-201607-09 (Commons-BeanUtils: Arbitrary code execution)
Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader.
Impact : Remote attackers could potentially execute arbitrary code with the privileges of the process.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 92479
published: 2016-07-21
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92479
title: GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201607-09.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(92479);
  script_version("2.2");
  script_cvs_date("Date: 2019/04/11 17:23:06");

  script_cve_id("CVE-2014-0114");
  script_xref(name:"GLSA", value:"201607-09");

  script_name(english:"GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201607-09
(Commons-BeanUtils: Arbitrary code execution)

    Apache Commons BeanUtils does not suppress the class property, which
      allows for the manipulation of the ClassLoader.

Impact :

    Remote attackers could potentially execute arbitrary code with the
      privileges of the process.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201607-09"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Commons BeanUtils users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=dev-java/commons-beanutils-1.9.2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:commons-beanutils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-java/commons-beanutils", unaffected:make_list("ge 1.9.2"), vulnerable:make_list("lt 1.9.2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Commons-BeanUtils");
}
NASL family | CGI abuses |
NASL id | WEBSPHERE_PORTAL_CVE-2014-0114.NASL |
description | The version of IBM WebSphere Portal on the remote host is affected by a remote code execution vulnerability in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77535 |
published | 2014-09-05 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/77535 |
title | IBM WebSphere Portal Apache Struts ClassLoader Manipulation RCE |
code |
    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(77535);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/25");

      script_cve_id("CVE-2014-0114");
      script_bugtraq_id(67121);

      script_name(english:"IBM WebSphere Portal Apache Struts ClassLoader Manipulation RCE");
      script_summary(english:"Checks for installed patches.");

      script_set_attribute(attribute:"synopsis", value: "The remote Windows host has web portal software installed that is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value: "The version of IBM WebSphere Portal on the remote host is affected by a remote code execution vulnerability in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the 'class' parameter of an ActionForm object to execute arbitrary code.");
      script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21680194");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_classloader_manipulation_with_apache_struts_affecting_ibm_websphere_portal_cve_2014_0114?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f272d04");
      script_set_attribute(attribute:"solution", value: "Apply the appropriate patches listed in the advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:struts");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");

      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
      script_require_ports(139, 445);

      exit(0);
    }

    include("websphere_portal_version.inc");

    portlets = make_array();
    paa = "IBM Common PIM";
    portlets[paa]["Fixed Version"] = "8.03";
    portlets[paa]["File"] = "\..\wp_profile\paa\mail\components\mail\version\mail.component";
    portlets[paa]["Version Regex"] = 'spec-version="([0-9\\.]+)"\\s*/>';
    portlets[paa]["WP Ranges"] = make_list("8.5.0.0, 8.5.0.0", "8.0.0.0, 8.0.0.1");

    websphere_portal_check_version(
      checks:make_array(
        "8.5.0.0, 8.5.0.0, CF01", make_list("PI18707"),
        "8.0.0.0, 8.0.0.1, CF12", make_list("PI20686, PI20737, PI20741, PI20861"),
        "8.0.0.0, 8.0.0.1, CF13", make_list("PI20737"),
        "7.0.0.0, 7.0.0.2, CF28", make_list("PI20686, PI20737, PI20861, PI20741, PI21113"),
        "6.1.5.0, 6.1.5.3, CF27", make_list("PI20686, PI20737, PI20861, PI20741, PI21113"),
        "6.1.0.0, 6.1.0.6, CF27", make_list("PI20686, PI20737, PI20861, PI20741, PI21113")
      ),
      severity:SECURITY_HOLE,
      portlets:portlets
    );
NASL family | Web Servers |
NASL id | WEBSPHERE_7_0_0_33.NASL |
description | IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A denial of service flaw exists in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 76967 |
published | 2014-08-01 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/76967 |
title | IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities |
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2014-0474.NASL |
description | From Red Hat Security Advisory 2014:0474 : Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 73935 |
published | 2014-05-09 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/73935 |
title | Oracle Linux 5 : struts (ELSA-2014-0474) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/149050/oscaremr-execxss.txt |
id | PACKETSTORM:149050 |
last seen | 2018-08-24 |
published | 2018-08-23 |
reporter | Brian D. Hysell |
source | https://packetstormsecurity.com/files/149050/OSCAR-EMR-15.21beta361-XSS-Disclosure-CSRF-Insecure-Direct-Object-Reference.html |
title | OSCAR EMR 15.21beta361 XSS / Disclosure / CSRF / Insecure Direct Object Reference |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1091938
- http://secunia.com/advisories/59704
- http://www-01.ibm.com/support/docview.wss?uid=swg21676303
- https://issues.apache.org/jira/browse/BEANUTILS-463
- https://bugzilla.redhat.com/show_bug.cgi?id=1116665
- http://www-01.ibm.com/support/docview.wss?uid=swg21676931
- http://secunia.com/advisories/59014
- https://access.redhat.com/solutions/869353
- http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
- http://openwall.com/lists/oss-security/2014/07/08/1
- http://secunia.com/advisories/58851
- http://openwall.com/lists/oss-security/2014/06/15/10
- http://www-01.ibm.com/support/docview.wss?uid=swg21676375
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://secunia.com/advisories/60703
- http://secunia.com/advisories/60177
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.debian.org/security/2014/dsa-2940
- http://marc.info/?l=bugtraq&m=141451023707502&w=2
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://marc.info/?l=bugtraq&m=140119284401582&w=2
- http://marc.info/?l=bugtraq&m=140801096002766&w=2
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- http://www.securityfocus.com/bid/67121
- https://security.gentoo.org/glsa/201607-09
- http://www-01.ibm.com/support/docview.wss?uid=swg27042296
- http://www-01.ibm.com/support/docview.wss?uid=swg21677110
- http://www-01.ibm.com/support/docview.wss?uid=swg21676110
- http://www-01.ibm.com/support/docview.wss?uid=swg21675972
- http://www-01.ibm.com/support/docview.wss?uid=swg21675898
- http://www-01.ibm.com/support/docview.wss?uid=swg21675689
- http://www-01.ibm.com/support/docview.wss?uid=swg21675387
- http://www-01.ibm.com/support/docview.wss?uid=swg21675266
- http://www-01.ibm.com/support/docview.wss?uid=swg21674812
- http://www-01.ibm.com/support/docview.wss?uid=swg21674128
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:095
- http://www.ibm.com/support/docview.wss?uid=swg21675496
- http://secunia.com/advisories/59718
- http://secunia.com/advisories/59480
- http://secunia.com/advisories/59479
- http://secunia.com/advisories/59464
- http://secunia.com/advisories/59430
- http://secunia.com/advisories/59246
- http://secunia.com/advisories/59245
- http://secunia.com/advisories/59228
- http://secunia.com/advisories/59118
- http://secunia.com/advisories/58947
- http://secunia.com/advisories/58710
- http://secunia.com/advisories/57477
- http://advisories.mageia.org/MGASA-2014-0219.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://security.netapp.com/advisory/ntap-20140911-0001/
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html
- https://security.netapp.com/advisory/ntap-20180629-0006/
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://access.redhat.com/errata/RHSA-2018:2669
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2019:2995
- https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E
- https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E
- https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E
- https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E
- https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E