CVE-2014-0094, CVE-2014-0114: Apache Struts vulnerable to ClassLoader manipulation
Apache Struts provided by the Apache Software Foundation contains a vulnerability where the ClassLoader may be manipulated. (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114, CVE-2014-0116)
Software Products
Brand | Product | Affected | Remarks |
---|---|---|---|
Interstage | Interstage Application Server Enterprise Edition V6 to V11.0 Plus/ Standard Edition V7 Standard-J Edition V8 to V11.0 without Web-J Edition and Plus Developer | yes | When using the Apcoordinator Struts cooperation function with a Web application, and when running Struts1 contained in these products, the Web application may be affected by this vulnerability. |
Interstage | Interstage Studio Enterprise Edition V9 Standard-J Edition V9/ V10/ V11.0 without "with UML Modeling Tool" and Client Runtime | yes | |
Interstage | Interstage Service Integrator V9 | yes | |
Interstage | Interstage eXtreme Transaction Processing Server V1.0 | yes | When using the management console contained in this product, the system may be affected by this vulnerability. |
Interstage | Interstage Interaction Manager | yes | For more details, refer to Interstage Interaction Manager: Struts1 Vulnerability (CVE-2014-0094). |
Interstage | Interstage Business Process Manager Analytics V10.1 to V12.2 | yes | For more details, refer to Vulnerability of allowing attackers to "manipulate" the ClassLoader (CVE-2014-0094). |
Systemwalker | Systemwalker Service Quality Coordinator Enterprise Edition V13.4.0 to V13.5.0 | yes | |
Systemwalker | Systemwalker Software Configuration Manager V15.1.0, V15.1.1, V15.2.0 V14g V14.1.0 | yes | When a malicious user on the intranet sends an illegal request to the management server of this product, the system may be affected by this vulnerability. |
Symfoware | Symfoware Server Standard Edition V12.0 | yes | When running the WebAdmin GUI tool on the DB server, the system may be affected by this vulnerability. |
Note: No problem has been detected in hardware and related products. We are currently investigating this issue.
For more information, please contact a Fujitsu system engineer or your partner(s).
References
- CVE-2014-0094
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
- CVE-2014-0112
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
- CVE-2014-0113
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0113
- CVE-2014-0114
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
- CVE-2014-0116
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0116
Revision history
- June 12th, 24: 2nd release
  - Added: Interstage Interaction Manager
- May 20th, 2014: Initial release