Mandriva Linux Security Advisory : struts (MDVSA-2014:095)
High Nessus Plugin ID 74073
Synopsis: The remote Mandriva Linux host is missing one or more security updates.
Description: Updated struts packages fix a security vulnerability:
It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.
A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions (CVE-2014-0114).
Solution: Update the affected struts and/or struts-javadoc packages.
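
The description above says the 'class' parameter maps directly to getClass(). The following added example (not code from Struts, Mandriva or the advisory) uses the standard java.beans API to show why a plain bean exposes a 'class' property at all, and how introspection bounded at java.lang.Object leaves it out. LoginForm is a hypothetical bean standing in for an ActionForm subclass.

```java
import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.util.Set;
import java.util.TreeSet;

public class ClassPropertyDemo {

    // Hypothetical form bean (assumption): one ordinary read/write property.
    public static class LoginForm {
        private String username;
        public String getUsername() { return username; }
        public void setUsername(String username) { this.username = username; }
    }

    // Default JavaBeans introspection walks the whole class hierarchy,
    // so Object.getClass() is reported as a readable property named "class".
    static Set<String> defaultProperties(Class<?> type) throws IntrospectionException {
        return names(Introspector.getBeanInfo(type));
    }

    // Passing Object.class as the stop class ends the walk before
    // java.lang.Object, so getClass() is never treated as a property.
    static Set<String> restrictedProperties(Class<?> type) throws IntrospectionException {
        return names(Introspector.getBeanInfo(type, Object.class));
    }

    // Collect property names in sorted order for easy comparison.
    private static Set<String> names(BeanInfo info) {
        Set<String> out = new TreeSet<>();
        for (PropertyDescriptor pd : info.getPropertyDescriptors()) {
            out.add(pd.getName());
        }
        return out;
    }

    public static void main(String[] args) throws IntrospectionException {
        System.out.println("default:    " + defaultProperties(LoginForm.class));
        System.out.println("restricted: " + restrictedProperties(LoginForm.class));
    }
}
```

Comparing the two sets on an application's own form beans is a quick way to confirm whether a property-binding layer can see 'class'; it does not replace installing the updated packages.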