Bug#745897: Apache Struts 1.x ClassLoader Manipulation: Use CVE-2014-0114
Arun Babu Neelicattu
abn at redhat.com
Tue Apr 29 09:49:00 UTC 2014
Although the attack vector is the same as that for CVE-2014-0094, this
needs to be considered as a separate flaw [1].
Please use CVE-2014-0114 to refer to this flaw affecting Apache Struts
1.x.
[1]
http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E
--
Arun Neelicattu / Red Hat Security Response Team
PGP: 0xC244393B 5229 F596 474F 00A1 E416 CF8B 36F5 5054 C244 393B
More information about the pkg-java-maintainers
mailing list