CVE-2019-3834

CWE-4705 documents5 sources

Severity

7.3HIGH

EPSS

0.3%

top 44.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network Redhat Struts

Timeline

PublishedOct 3

Latest updateMay 24

Description

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 fl…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDredhat/jboss_operations_network< 3.3.11

▶CVEListV5redhat/strutsall versions under 1.3.10_1

🔴Vulnerability Details

GHSA

GHSA-r4h2-77r7-2xch: It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON)↗2022-05-24

▶

CVEList

CVE-2019-3834: It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON)↗2019-10-03

▶

📋Vendor Advisories

Red Hat

JON: struts1 reversion of fix for CVE-2014-0114↗2019-10-02

▶

💬Community

Bugzilla

CVE-2019-3834 JON: struts1 reversion of fix for CVE-2014-0114↗2019-02-15

▶