漏洞信息详情
Apache Struts 输入验证错误漏洞
- CNNVD编号:CNNVD-201404-581
- 危害等级: 高危
- CVE编号: CVE-2014-0114
- 漏洞类型: 输入验证错误
- 发布时间: 2014-04-30
- 威胁类型: 远程
- 更新时间: 2022-07-22
- 厂 商: apache
- 漏洞来源: Rene Gielen
漏洞简介
Apache Struts是美国阿帕奇(Apache)基金会的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。
Apache Struts 1.x版本至1.3.10版本中的Apache Commons BeanUtils 1.9.2及之前版本中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.apache.org/
参考网址
来源:MLIST
链接:http://openwall.com/lists/oss-security/2014/06/15/10
来源:MISC
链接:https://lists.apache.org/thread.HTML/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3Cdev.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3Cnotifications.commons.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2995
来源:CONFIRM
链接:https://issues.apache.org/jira/browse/BEANUTILS-463
来源:SECUNIA
链接:http://secunia.com/advisories/57477
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21675898
来源:MISC
链接:https://lists.apache.org/thread.HTML/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:http://openwall.com/lists/oss-security/2014/07/08/1
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
来源:MISC
链接:https://lists.apache.org/thread.HTML/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20140911-0001/
来源:MLIST
链接:https://lists.apache.org/thread.HTML/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3Cissues.commons.apache.org%3E
来源:SECUNIA
链接:http://secunia.com/advisories/59430
来源:MLIST
链接:https://lists.apache.org/thread.HTML/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3Cnotifications.commons.apache.org%3E
来源:FULLDISC
链接:http://seclists.org/fulldisclosure/2014/Dec/23
来源:SECUNIA
链接:http://secunia.com/advisories/58851
来源:CONFIRM
链接:http://advisories.mageia.org/MGASA-2014-0219.HTML
来源:MISC
链接:https://lists.apache.org/thread.HTML/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E
来源:CONFIRM
链接:https://www.vmware.com/security/advisories/VMSA-2014-0012.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/59704
来源:MLIST
链接:https://lists.apache.org/thread.HTML/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E
来源:MISC
链接:https://lists.apache.org/thread.HTML/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3Ccommits.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3Cissues.commons.apache.org%3E
来源:MISC
链接:https://lists.apache.org/thread.HTML/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E
来源:SECUNIA
链接:http://secunia.com/advisories/59480
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21676091
来源:MISC
链接:https://lists.apache.org/thread.HTML/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/59246
来源:SECUNIA
链接:http://secunia.com/advisories/59245
来源:SECUNIA
链接:http://secunia.com/advisories/59479
来源:MLIST
链接:https://lists.apache.org/thread.HTML/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E
来源:SECUNIA
链接:http://secunia.com/advisories/59118
来源:MLIST
链接:https://lists.apache.org/thread.HTML/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3Cissues.commons.apache.org%3E
来源:MISC
链接:https://lists.apache.org/thread.HTML/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3Cissues.activemq.apache.org%3E
来源:MLIST
链接:http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/58947
来源:MLIST
链接:https://lists.apache.org/thread.HTML/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
来源:MISC
链接:https://lists.apache.org/thread.HTML/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1091938
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3Cissues.activemq.apache.org%3E
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E
来源:GENTOO
链接:https://security.gentoo.org/glsa/201607-09
来源:SECUNIA
链接:http://secunia.com/advisories/59014
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1116665
来源:SECUNIA
链接:http://secunia.com/advisories/58710
来源:MLIST
链接:https://lists.apache.org/thread.HTML/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3Cgitbox.activemq.apache.org%3E
来源:MISC
链接:https://lists.apache.org/thread.HTML/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21675266
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21675387
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.HTML
来源:CONFIRM
链接:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.HTML
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21676110
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/534161/100/0/threaded
来源:MLIST
链接:https://lists.apache.org/thread.HTML/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3Cdev.commons.apache.org%3E
来源:CONFIRM
链接:http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
来源:CONFIRM
链接:http://www.vmware.com/security/advisories/VMSA-2014-0008.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/59464
来源:BID
链接:https://www.securityfocus.com/bid/67121
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477@%3Ccommits.dolphinscheduler.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:2669
来源:MISC
链接:https://lists.apache.org/thread.HTML/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21675972
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21676303
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674128
来源:CONFIRM
链接:http://www.vmware.com/security/advisories/VMSA-2014-0012.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3Ccommits.commons.apache.org%3E
来源:DEBIAN
链接:http://www.debian.org/security/2014/dsa-2940
来源:MLIST
链接:https://lists.apache.org/thread.HTML/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21677110
来源:BID
链接:http://www.securityfocus.com/bid/67121
来源:CONFIRM
链接:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
来源:HP
链接:http://marc.info/?l=bugtraq&m=140119284401582&w=2
来源:MLIST
链接:https://lists.apache.org/thread.HTML/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
来源:HP
链接:http://marc.info/?l=bugtraq&m=141451023707502&w=2
来源:SECUNIA
链接:http://secunia.com/advisories/59228
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3Cannounce.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21676931
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21675689
来源:CONFIRM
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21676375
来源:MLIST
链接:https://lists.apache.org/thread.HTML/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3Cdev.commons.apache.org%3E
来源:SECUNIA
链接:http://secunia.com/advisories/60177
来源:MLIST
链接:https://lists.apache.org/thread.HTML/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3Cissues.activemq.apache.org%3E
来源:MANDRIVA
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2014:095
来源:MLIST
链接:https://lists.apache.org/thread.HTML/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3Cuser.commons.apache.org%3E
来源:MISC
链接:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.HTML
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
来源:SECUNIA
链接:http://secunia.com/advisories/60703
来源:SECUNIA
链接:http://secunia.com/advisories/59718
来源:CONFIRM
链接:https://www.ibm.com/support/docview.wss?uid=swg21675496
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg24037622
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21677352
来源:jvn.jp
链接:http://jvn.jp/en/jp/JVN30962312/index.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21680194
来源:support.f5.com
链接:http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15282.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg24037424
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21680698
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21679331
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674905
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21674113
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21673877
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21673878
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21676091
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21674613
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21677298
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674812
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21676485
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21675496
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21677449
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674339
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674016
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674017
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21674191
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21674379www-01.ibm.com/support/docview.wss?uid=swg21677335
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674310
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21677802
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21675387
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21680716
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21678359
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673422
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673982
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674110
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673992
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674104
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21674099
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673695
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21673508
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21673757
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004807
来源:rhn.redhat.com
链接:https://rhn.redhat.com/errata/RHSA-2014-0500.HTML
来源:rhn.redhat.com
链接:https://rhn.redhat.com/errata/RHSA-2014-0497.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg24037506
来源:www.oracle.com
链接:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.HTML
来源:www.oracle.com
链接:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg24037409
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg24037825
来源:www.hitachi.co.jp
链接:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-020/index.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21678830
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg24037507
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg1IV61058
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg1IV61039
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg27042184
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg27042185
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg27042186
来源:struts.apache.org
链接:http://struts.apache.org/release/2.3.x/docs/s2-021.HTML
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21676646
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21680848
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg1IV61061
来源:h20564.www2.hpe.com
链接:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
来源:h20564.www2.hp.com
链接:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04473828
来源:h20564.www2.hp.com
链接:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04399728
来源:rhn.redhat.com
链接:https://rhn.redhat.com/errata/RHSA-2014-0498.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673101
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673944
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673098
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21676375
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21672316
来源:www.hitachi.co.jp
链接:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-018/index.HTML
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21673663
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21675822
来源:www-01.ibm.com
链接:http://www-01.ibm.com/support/docview.wss?uid=swg27042296
来源:h20564.www2.hp.com
链接:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04311273
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21674937
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21674428
来源:www-304.ibm.com
链接:https://www-304.ibm.com/support/docview.wss?uid=swg21674435
来源:kb.juniper.net
链接:http://kb.juniper.net/InfoCenter/index?page=content&id=jsA10643&cat=SIRT_1&actp=LIST
来源:www.liferay.com
链接:http://www.liferay.com/community/security-team/known-vulnerabilities/-/asset_publisher/T8Ei/content/cst-sa-lps-46552-struts-1-classloader-manipulation
来源:DEBIAN
链接:https://www.debian.org/security/2014/dsa-2940
来源:MLIST
链接:https://lists.apache.org/thread.HTML/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:http://www.ibm.com/support/docview.wss?uid=swg21675496
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.HTML
来源:MISC
链接:https://lists.apache.org/thread.HTML/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
来源:HP
链接:http://marc.info/?l=bugtraq&m=140801096002766&w=2
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20180629-0006/
来源:MLIST
链接:https://lists.apache.org/thread.HTML/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E
来源:CONFIRM
链接:https://www.vmware.com/security/advisories/VMSA-2014-0008.HTML
来源:CONFIRM
链接:https://access.redhat.com/solutions/869353
来源:MISC
链接:https://lists.apache.org/thread.HTML/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3Cissues.commons.apache.org%3E
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.HTML
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10795183
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10872142
来源:issues.apache.org
链接:https://issues.apache.org/jira/browse/BEANUTILS-520
来源:www.mail-archive.com
链接:https://www.mail-archive.com/[email protected]/msg05413.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10887121
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10957873
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10887119
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10887113
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10888007
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10887999
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10887973
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10888009
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/75922
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2568/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1427/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6494701
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2355/
来源:us-cert.cisa.gov
链接:https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/67121
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2293.2/
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10879093
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10872142
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/78218
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3134/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072128
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/
受影响实体
- Apache Struts:1.3.10
- Apache Struts:1.3.8
- Apache Struts:1.3.5
- Apache Struts:1.2.9
- Apache Struts:1.2.8
补丁
- struts-1.2.9-4jpp.8.el5_10.src
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论