Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2014-0116
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.
| Software | From | Fixed in |
|---|---|---|
| apache / struts | 2.3.1.1 | 2.3.1.1.x |
| apache / struts | 2.0.9 | 2.0.9.x |
| apache / struts | 2.0.12 | 2.0.12.x |
| apache / struts | 2.2.3.1 | 2.2.3.1.x |
| apache / struts | 2.1.0 | 2.1.0.x |
| apache / struts | 2.3.15 | 2.3.15.x |
| apache / struts | 2.0.0 | 2.0.0.x |
| apache / struts | 2.3.14 | 2.3.14.x |
| apache / struts | 2.0.8 | 2.0.8.x |
| apache / struts | 2.0.7 | 2.0.7.x |
| apache / struts | 2.0.4 | 2.0.4.x |
| apache / struts | 2.2.1 | 2.2.1.x |
| apache / struts | 2.3.16 | 2.3.16.x |
| apache / struts | 2.1.8.1 | 2.1.8.1.x |
| apache / struts | 2.3.3 | 2.3.3.x |
| apache / struts | 2.3.4 | 2.3.4.x |
| apache / struts | 2.1.3 | 2.1.3.x |
| apache / struts | 2.1.2 | 2.1.2.x |
| apache / struts | 2.1.5 | 2.1.5.x |
| apache / struts | 2.0.1 | 2.0.1.x |
| apache / struts | 2.3.15.2 | 2.3.15.2.x |
| apache / struts | 2.3.14.3 | 2.3.14.3.x |
| apache / struts | 2.0.2 | 2.0.2.x |
| apache / struts | 2.1.8 | 2.1.8.x |
| apache / struts | 2.3.4.1 | 2.3.4.1.x |
| apache / struts | 2.0.11.1 | 2.0.11.1.x |
| apache / struts | 2.3.8 | 2.3.8.x |
| apache / struts | 2.3.7 | 2.3.7.x |
| apache / struts | 2.0.3 | 2.0.3.x |
| apache / struts | 2.3.14.2 | 2.3.14.2.x |
| apache / struts | 2.0.14 | 2.0.14.x |
| apache / struts | 2.3.15.1 | 2.3.15.1.x |
| apache / struts | 2.3.1 | 2.3.1.x |
| apache / struts | 2.0.11 | 2.0.11.x |
| apache / struts | 2.3.16.2 | 2.3.16.2.x |
| apache / struts | 2.1.6 | 2.1.6.x |
| apache / struts | 2.0.5 | 2.0.5.x |
| apache / struts | 2.2.3 | 2.2.3.x |
| apache / struts | 2.3.12 | 2.3.12.x |
| apache / struts | 2.1.4 | 2.1.4.x |
| apache / struts | 2.2.1.1 | 2.2.1.1.x |
| apache / struts | 2.0.11.2 | 2.0.11.2.x |
| apache / struts | 2.0.13 | 2.0.13.x |
| apache / struts | 2.3.1.2 | 2.3.1.2.x |
| apache / struts | 2.3.15.3 | 2.3.15.3.x |
| apache / struts | 2.3.16.1 | 2.3.16.1.x |
| apache / struts | 2.1.1 | 2.1.1.x |
| apache / struts | 2.0.6 | 2.0.6.x |
| apache / struts | 2.0.10 | 2.0.10.x |
| apache / struts | 2.3.14.1 | 2.3.14.1.x |
org.apache.struts / struts2-core
|
- | 2.3.20 |