Scientific Linux Security Update : struts on SL5.x i386/x86_64 (20140507)
High Nessus Plugin ID 73907
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.
A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)
All running applications using struts must be restarted for this update to take effect.
SolutionUpdate the affected packages.