What is CVE-2014-0114?

CVE-2014-0114 is a vulnerability in Apache Commons_beanutils, classified under Improper Input Validation. Published 2014-04-30.

Is CVE-2014-0114 known to be exploited?

28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Commons_beanutils

CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote atta…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.923 (99.7th percentile) — read the EPSS interpretation.

Affected products

Apache Commons_beanutils
Apache Struts — versions 1.0, 1.0.2, 1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 (mailing-list, x_refsource_MLIST)
57477 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
58710 (x_refsource_SECUNIA, third-party-advisory)
MDVSA-2014:095 (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-0114?: CVE-2014-0114 is a vulnerability in Apache Commons_beanutils, classified under Improper Input Validation. Published 2014-04-30.
Is CVE-2014-0114 known to be exploited?: 28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.