Exploit for #VU65653 Unsafe reflection in Apache Commons BeanUtils

Exploit for #VU65653 Unsafe reflection in Apache Commons BeanUtils

Published: 2022-10-22

Vulnerability identifier: #VU65653

Vulnerability risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2014-0114

CWE-ID: CWE-470

Exploitation vector: Network

Exploits in database: 3

October 22, 2022
- Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit) [Exploit-DB]
- Apache Struts ClassLoader Manipulation Remote Code Execution [Metasploit]
- strutt-cve-2014-0114 () [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
Apache Commons BeanUtils
Universal components / Libraries / Software for developers

Vendor: Apache Foundation