MiracleLinux 3 : struts-1.2.9-4jpp.8.AXS3 (AXSA:2014-309:01)

medium Nessus Plugin ID 289770

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-309:01 advisory.

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm, colloquially known as Model 2 in discussions on various servlet and JSP related mailing lists.

Struts includes the following primary areas of functionality:
- A controller servlet that dispatches requests to appropriate Action classes provided by the application developer.
- JSP custom tag libraries, and associated support in the controller servlet, that assist developers in creating interactive form-based applications.
- Utility classes to support XML parsing, automatic population of JavaBeans properties based on the Java reflection APIs, and internationalization of prompts and messages.

Struts is part of the Jakarta Project, sponsored by the Apache Software Foundation. The official Struts home page is at http://jakarta.apache.org/struts.

Security issues fixed with this release:
CVE-2014-0114 The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected struts package.

See Also

https://tsn.miraclelinux.com/en/node/4749

Plugin Details

Severity: Medium

ID: 289770

File Name: miracle_linux_AXSA-2014-309.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-0114

CVSS v3

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:struts

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2014

Vulnerability Publication Date: 4/29/2014

Reference Information

CVE: CVE-2014-0114