Ausführen beliebiger Kommandos in Struts
ID: | FEDORA-2014-9380 |
Distribution: | Fedora |
Plattformen: | Fedora 20 |
Datum: | Sa, 23. August 2014, 10:04 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 |
Applikationen: | Struts |
Originalnachricht |
|
Name : struts Product : Fedora 20 Version : 1.3.10 Release : 10.fc20 URL : http://struts.apache.org/ Summary : Web application framework Description : Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm, colloquially known as Model 2 in discussions on various servlet and JSP related mailing lists. Struts includes the following primary areas of functionality: A controller servlet that dispatches requests to appropriate Action classes provided by the application developer. JSP custom tag libraries, and associated support in the controller servlet, that assists developers in creating interactive form-based applications. Utility classes to support XML parsing, automatic population of JavaBeans properties based on the Java reflection APIs, and internationalization of prompts and messages. -------------------------------------------------------------------------------- Update Information: fix CVE-2014-0114 -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 12 2014 gil cattaneo |