CVE-2014-0094, CVE-2014-0114: Apache Struts vulnerable to ClassLoader manipulation

Apache Struts provided by the Apache Software Foundation contains a vulnerability where the ClassLoader may be manipulated.(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114, CVE-2014-0116)

Software Products

InterstageInterstage Application Server
Enterprise Edition V6 to V11.0
Plus/ Standard Edition V7
Standard-J Edition V8 to V11.0
without Web-J Edition and Plus Developer
yesWhen using The Apcoordinator Struts cooperation function with a Web application, and when running Struts1 contained in these products, the Web Application may be affected by this vulnerability.
Interstage Studio
Enterprise Edition V9
Standard-J Edition V9/ V10/ V11.0
without "with UML Modeling Tool" and Client Runtime
Interstage Service Integrator V9yes
Interstage eXtreme Transaction Processing Server V1.0yesWhen using the management console contained in this product, the system may be affected by this vulnerability.
Interstage Interaction ManageryesFor more details, refer to Interstage Interaction Manager: Struts1 Vulnerability(CVE-2014-0094).
Interstage Business Process Manager Analytics
V10.1 to V12.2
yesFor more details, refer to Vulnerability of allowing attackers to "manipulate" the ClassLoader (CVE-2014-0094)
SystemwalkerSystemwalker Service Quality Coordinator Enterprise Edition
V13.4.0 to V13.5.0
Systemwalker Software Configuration Manager
V15.1.0, V15.1.1, V15.2.0
V14g V14.1.0
yesWhen a malicious user in intranet sends a illegal request to the management server of this product, the system may be affected by this vulnerability.
SymfowareSymfoware Server
Standard Edition V12.0
yesWhen running the GUI tool of WebAdmin running on DB server, the system may be affected by this vulnerability.

Note: No problem has been detected in hardware and related products. We are currently investigating this issue.

For more information, please contact a Fujitsu system engineer or your partner(s).


Revision history

  • June 12th, 24: 2nd release
    • Added: Interstage Interaction Manager
  • May 20th, 2014: Initial release

Top of Page