阿里云漏洞库

该漏洞EXP已公开传播，漏洞利用成本极低，建议您立即关注并修复。

漏洞描述

Apache Struts框架是一个基于Java Servlets,JavaBeans, 和JavaServer Pages (JSP)的Web应用框架的开源项目。

Apache Struts 1未能正确限制Class Loader属性的设置，类似Apache Struts 2 (CVE-2014-0112, CVE-2014-0094)所影响的漏洞，攻击者可以利用漏洞通过ActionForm对象的class属性，来操作加载的Classloader并执行任意代码。

解决建议

Apache Struts 2.3.16.2已经修复该漏洞，建议用户下载更新：
http://struts.apache.org/download.cgi#struts23162

参考链接
http://advisories.mageia.org/MGASA-2014-0219.html
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ig...
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html
http://marc.info/?l=bugtraq&m=140119284401582&w=2
http://marc.info/?l=bugtraq&m=140801096002766&w=2
http://marc.info/?l=bugtraq&m=141451023707502&w=2
http://openwall.com/lists/oss-security/2014/06/15/10
http://openwall.com/lists/oss-security/2014/07/08/1
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/57477
http://secunia.com/advisories/58710
http://secunia.com/advisories/58851
http://secunia.com/advisories/58947
http://secunia.com/advisories/59014
http://secunia.com/advisories/59118
http://secunia.com/advisories/59228
http://secunia.com/advisories/59245
http://secunia.com/advisories/59246
http://secunia.com/advisories/59430
http://secunia.com/advisories/59464
http://secunia.com/advisories/59479
http://secunia.com/advisories/59480
http://secunia.com/advisories/59704
http://secunia.com/advisories/59718
http://secunia.com/advisories/60177
http://secunia.com/advisories/60703
http://www-01.ibm.com/support/docview.wss?uid=swg21674128
http://www-01.ibm.com/support/docview.wss?uid=swg21674812
http://www-01.ibm.com/support/docview.wss?uid=swg21675266
http://www-01.ibm.com/support/docview.wss?uid=swg21675387
http://www-01.ibm.com/support/docview.wss?uid=swg21675689
http://www-01.ibm.com/support/docview.wss?uid=swg21675898
http://www-01.ibm.com/support/docview.wss?uid=swg21675972
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
http://www-01.ibm.com/support/docview.wss?uid=swg21676110
http://www-01.ibm.com/support/docview.wss?uid=swg21676303
http://www-01.ibm.com/support/docview.wss?uid=swg21676375
http://www-01.ibm.com/support/docview.wss?uid=swg21676931
http://www-01.ibm.com/support/docview.wss?uid=swg21677110
http://www-01.ibm.com/support/docview.wss?uid=swg27042296
http://www.debian.org/security/2014/dsa-2940
http://www.ibm.com/support/docview.wss?uid=swg21675496
http://www.mandriva.com/security/advisories?name=MDVSA-2014:095
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/67121
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2019:2995
https://access.redhat.com/solutions/869353
https://bugzilla.redhat.com/show_bug.cgi?id=1091938
https://bugzilla.redhat.com/show_bug.cgi?id=1116665
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://issues.apache.org/jira/browse/BEANUTILS-463
https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48...
https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48...
https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315e...
https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315e...
https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f...
https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f...
https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981...
https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981...
https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b...
https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b...
https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf26409...
https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf26409...
https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14...
https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14...
https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076...
https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076...
https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c2368...
https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c2368...
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46...
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46...
https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a8...
https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a8...
https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab25...
https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab25...
https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b656...
https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b656...
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83...
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83...
https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7...
https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7...
https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c...
https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c...
https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fc...
https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fc...
https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68...
https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d...
https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a2...
https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a2...
https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2...
https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2...
https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede...
https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede...
https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d4...
https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d4...
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9...
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9...
https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c987813...
https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c987813...
https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e9...
https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e9...
https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a5...
https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a5...
https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674...
https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674...
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b...
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b...
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82...
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82...
https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef...
https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef...
https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c78...
https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c78...
https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb...
https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a...
https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960...
https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960...
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a...
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a...
https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65...
https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65...
https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7c...
https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7c...
https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615ca...
https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615ca...
https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839de...
https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839de...
https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f...
https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f...
https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba09...
https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba09...
https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0...
https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0...
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34...
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34...
https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd9084...
https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd9084...
https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e...
https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e...
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133...
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133...
https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d...
https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d...
https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de5...
https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de5...
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba45...
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba45...
https://security.gentoo.org/glsa/201607-09
https://security.netapp.com/advisory/ntap-20140911-0001/
https://security.netapp.com/advisory/ntap-20180629-0006/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	apache	commons_beanutils	*		Up to (including) 1.9.1
	运行在以下环境
	应用	apache	struts	1.0	-
	运行在以下环境
	应用	apache	struts	1.0.2	-
	运行在以下环境
	应用	apache	struts	1.1	-
	运行在以下环境
	应用	apache	struts	1.2.2	-
	运行在以下环境
	应用	apache	struts	1.2.4	-
	运行在以下环境
	应用	apache	struts	1.2.6	-
	运行在以下环境
	应用	apache	struts	1.2.7	-
	运行在以下环境
	应用	apache	struts	1.2.8	-
	运行在以下环境
	应用	apache	struts	1.2.9	-
	运行在以下环境
	应用	apache	struts	1.3.10	-
	运行在以下环境
	应用	apache	struts	1.3.5	-
	运行在以下环境
	应用	apache	struts	1.3.8	-
	运行在以下环境
	系统	centos_5	struts-webapps-tomcat5	*		Up to (excluding) 1.2.9-4jpp.8.el5_10
	运行在以下环境
	系统	debian	DPKG	*		Up to (excluding) 1.2.9-9
	运行在以下环境
	系统	debian_10	commons-beanutils	*		Up to (excluding) 1.9.2-1
	运行在以下环境
	系统	debian_11	commons-beanutils	*		Up to (excluding) 1.9.2-1
	运行在以下环境
	系统	debian_12	commons-beanutils	*		Up to (excluding) 1.9.2-1
	运行在以下环境
	系统	debian_6	libstruts1.2-java	*		Up to (excluding) 1.2.9-4+deb6u1
	运行在以下环境
	系统	debian_7	libstruts1.2-java	*		Up to (excluding) 1.2.9-5+deb7u1
	运行在以下环境
	系统	oracle_5	oraclelinux-release	*		Up to (excluding) 1.2.9-4jpp.8.el5_10
	运行在以下环境
	系统	redhat_5	struts	*		Up to (excluding) 0:1.2.9-4jpp.8.el5_10
	运行在以下环境
	系统	suse_12	apache-commons-beanutils	*		Up to (excluding) 1.9.2-3.3
	运行在以下环境
	系统	ubuntu_12.04.5_lts	libstruts1.2-java	*		Up to (excluding) 1.2.9-5+deb7u1build0.12.04.1
	运行在以下环境
	系统	ubuntu_16.04.7_lts	commons-beanutils	*		Up to (excluding) 1.9.2-3
	运行在以下环境
	系统	ubuntu_18.04.5_lts	commons-beanutils	*		Up to (excluding) 1.9.2-3

攻击路径

远程
攻击复杂度

容易
权限要求

无需权限
影响范围

越权影响
EXP成熟度

EXP 已公开
补丁情况

官方补丁
数据保密性

数据泄露
数据完整性

传输被破坏
服务器危害

DoS
全网数量

N/A

CWE-ID	漏洞类型
CWE-20	输入验证不恰当

严重 Apache Struts 1 Classloader 操纵代码执行漏洞

漏洞描述

解决建议

参考链接

受影响软件情况