IBM WebSphere Portal Apache Struts ClassLoader Manipulation RCE

High Nessus Plugin ID 77535


The remote Windows host has web portal software installed that is affected by a remote code execution vulnerability.


The version of IBM WebSphere Portal on the remote host is affected by a remote code execution vulnerability caused by ClassLoader manipulation in Apache Struts. A remote attacker can exploit this issue by manipulating the 'class' parameter of an ActionForm object to execute arbitrary code.


Apply the appropriate patches listed in the advisory.

Plugin Details

Severity: High

ID: 77535

File Name: websphere_portal_cve-2014-0114.nasl

Version: 1.9

Type: local

Family: CGI abuses

Published: 2014/09/05

Updated: 2019/11/25

Dependencies: 72644

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal, cpe:/a:apache:struts

Required KB Items: installed_sw/IBM WebSphere Portal

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2014/07/25

Vulnerability Publication Date: 2014/04/29

Exploitable With

Metasploit (Apache Struts ClassLoader Manipulation Remote Code Execution)

Reference Information

CVE: CVE-2014-0114

BID: 67121