{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Struts ist ein Framework für Java-Anwendungen auf dem Webserver Apache.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Struts ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- UNIX\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-0918 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2014/wid-sec-w-2023-0918.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-0918 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0918"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2014:0474-1 vom 2014-05-07",
      "url" : "https://rhn.redhat.com/errata/RHSA-2014-0474.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2014:0497-1 vom 2014-05-14",
      "url" : "https://rhn.redhat.com/errata/RHSA-2014-0497.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2014:0498-1 vom 2014-05-14",
      "url" : "https://rhn.redhat.com/errata/RHSA-2014-0498.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2014:0500-1 vom 2014-05-14",
      "url" : "https://rhn.redhat.com/errata/RHSA-2014-0500.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2014:0511-1 vom 2014-05-15",
      "url" : "https://rhn.redhat.com/errata/RHSA-2014-0511.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update: Security Update für Struts",
      "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00008.html"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DSA-2940-1 vom 2014-08-21",
      "url" : "https://www.debian.org/security/2014/dsa-2940"
    }, {
      "category" : "external",
      "summary" : "Oracle Critical Patch Update Advisory Appendix Retail Applications vom 2014-10-14",
      "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixRAPP"
    }, {
      "category" : "external",
      "summary" : "HP Security Bulletin c04473828 vom 2014-10-14",
      "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04473828"
    }, {
      "category" : "external",
      "summary" : "HP Security Bulletin HPSBGN03669 vom 2016-11-07",
      "url" : "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755"
    }, {
      "category" : "external",
      "summary" : "NetApp Advisory Number NTAP-20140911-0001 vom 2017-04-06",
      "url" : "https://kb.netapp.com/support/s/article/ka51A00000007QFQAY/apache-struts-class-suppression-vulnerability-in-select-netapp-products?language=en_US"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2019:2995 vom 2019-10-10",
      "url" : "https://access.redhat.com/errata/RHSA-2019:2995"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2020-0194 vom 2020-04-24",
      "url" : "https://oss.oracle.com/pipermail/el-errata/2020-January/009538.html"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 6982881 vom 2023-04-12",
      "url" : "https://www.ibm.com/support/pages/node/6982881"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 7153639 vom 2024-05-17",
      "url" : "https://www.ibm.com/support/pages/node/7153639"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2025-10814 vom 2025-07-30",
      "url" : "https://linux.oracle.com/errata/ELSA-2025-10814.html"
    } ],
    "source_lang" : "en-US",
    "title" : "Apache Struts: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes",
    "tracking" : {
      "current_release_date" : "2025-07-30T22:00:00.000+00:00",
      "generator" : {
        "date" : "2025-07-31T07:59:33.145+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.4.0"
        }
      },
      "id" : "WID-SEC-W-2023-0918",
      "initial_release_date" : "2014-05-06T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2014-05-06T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initial Release"
      }, {
        "date" : "2014-05-06T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-05-06T22:00:00.000+00:00",
        "number" : "3",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-05-06T22:00:00.000+00:00",
        "number" : "4",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-05-15T22:00:00.000+00:00",
        "number" : "5",
        "summary" : "New remediations available"
      }, {
        "date" : "2014-05-15T22:00:00.000+00:00",
        "number" : "6",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-07-15T22:00:00.000+00:00",
        "number" : "7",
        "summary" : "New remediations available"
      }, {
        "date" : "2014-07-15T22:00:00.000+00:00",
        "number" : "8",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-08-21T22:00:00.000+00:00",
        "number" : "9",
        "summary" : "New remediations available"
      }, {
        "date" : "2014-08-21T22:00:00.000+00:00",
        "number" : "10",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-08-21T22:00:00.000+00:00",
        "number" : "11",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-08-21T22:00:00.000+00:00",
        "number" : "12",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2014-08-21T22:00:00.000+00:00",
        "number" : "13",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2016-11-06T23:00:00.000+00:00",
        "number" : "14",
        "summary" : "New remediations available"
      }, {
        "date" : "2016-11-06T23:00:00.000+00:00",
        "number" : "15",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2017-04-06T22:00:00.000+00:00",
        "number" : "16",
        "summary" : "n"
      }, {
        "date" : "2017-04-06T22:00:00.000+00:00",
        "number" : "17",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2019-10-09T22:00:00.000+00:00",
        "number" : "18",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2020-04-23T22:00:00.000+00:00",
        "number" : "19",
        "summary" : "Neue Updates von Oracle Linux aufgenommen"
      }, {
        "date" : "2023-04-11T22:00:00.000+00:00",
        "number" : "20",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2024-05-16T22:00:00.000+00:00",
        "number" : "21",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2025-07-30T22:00:00.000+00:00",
        "number" : "22",
        "summary" : "Neue Updates von Oracle Linux aufgenommen"
      } ],
      "status" : "final",
      "version" : "22"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "1",
          "product" : {
            "name" : "Apache Struts 1",
            "product_id" : "T003109",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:apache:struts:1"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Struts"
      } ],
      "category" : "vendor",
      "name" : "Apache"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Debian Linux Wheezy (7.0)",
        "product" : {
          "name" : "Debian Linux Wheezy (7.0)",
          "product_id" : "T001572",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:debian:debian_linux:7.0"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Debian"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "HPE SiteScope",
        "product" : {
          "name" : "HPE SiteScope",
          "product_id" : "T008871",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:hp:sitescope:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "HPE XP P9000 Command View Advanced Edition",
        "product" : {
          "name" : "HPE XP P9000 Command View Advanced Edition",
          "product_id" : "T004073",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:hp:xp_p9000_command_view_advanced_edition:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "HPE"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "8.10",
          "product" : {
            "name" : "IBM Operational Decision Manager 8.10",
            "product_id" : "T013722",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:operational_decision_manager:8.10"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "8.11",
          "product" : {
            "name" : "IBM Operational Decision Manager 8.11",
            "product_id" : "T022173",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:operational_decision_manager:8.11"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Operational Decision Manager"
      } ],
      "category" : "vendor",
      "name" : "IBM"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "NetApp OnCommand Unified Manager",
        "product" : {
          "name" : "NetApp OnCommand Unified Manager",
          "product_id" : "T009408",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:netapp:oncommand_unified_manager:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "NetApp"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Oracle Linux",
        "product" : {
          "name" : "Oracle Linux",
          "product_id" : "T004914",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:oracle:linux:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Oracle Primavera",
        "product" : {
          "name" : "Oracle Primavera",
          "product_id" : "T001021",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:oracle:primavera_portfolio_management:7.0"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "10",
          "product" : {
            "name" : "Oracle Retail Allocation 10.0",
            "product_id" : "T003997",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_allocation:10.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "11",
          "product" : {
            "name" : "Oracle Retail Allocation 11.0",
            "product_id" : "T003998",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_allocation:11.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "12",
          "product" : {
            "name" : "Oracle Retail Allocation 12.0",
            "product_id" : "T003999",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_allocation:12.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13",
          "product" : {
            "name" : "Oracle Retail Allocation 13.0",
            "product_id" : "T004000",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_allocation:13.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13.1",
          "product" : {
            "name" : "Oracle Retail Allocation 13.1",
            "product_id" : "T004001",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_allocation:13.1"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13.2",
          "product" : {
            "name" : "Oracle Retail Allocation 13.2",
            "product_id" : "T004012",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_allocation:13.2"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Retail Allocation"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "13.3",
          "product" : {
            "name" : "Oracle Retail Clearance Optimization Engine 13.3",
            "product_id" : "T004002",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_clearance_optimization_engine:13.3"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13.4",
          "product" : {
            "name" : "Oracle Retail Clearance Optimization Engine 13.4",
            "product_id" : "T004003",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_clearance_optimization_engine:13.4"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "14",
          "product" : {
            "name" : "Oracle Retail Clearance Optimization Engine 14.0",
            "product_id" : "T004004",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_clearance_optimization_engine:14.0"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Retail Clearance Optimization Engine"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "11",
          "product" : {
            "name" : "Oracle Retail Invoice Matching 11.0",
            "product_id" : "T001981",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:11.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "12",
          "product" : {
            "name" : "Oracle Retail Invoice Matching 12.0",
            "product_id" : "T001982",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:12.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "12.0 IN",
          "product" : {
            "name" : "Oracle Retail Invoice Matching 12.0 IN",
            "product_id" : "T001983",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:12.0in"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "12.1",
          "product" : {
            "name" : "Oracle Retail Invoice Matching 12.1",
            "product_id" : "T001984",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:12.1"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13",
          "product" : {
            "name" : "Oracle Retail Invoice Matching 13.0",
            "product_id" : "T001985",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:13.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13.2",
          "product" : {
            "name" : "Oracle Retail Invoice Matching 13.2",
            "product_id" : "T001987",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:13.2"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "14",
          "product" : {
            "name" : "Oracle Retail Invoice Matching 14.0",
            "product_id" : "T004005",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:14.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13.1",
          "product" : {
            "name" : "Oracle Retail Markdown Optimization 13.1",
            "product_id" : "T004011",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_invoice_matching:13.1"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Retail Invoice Matching"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "12",
          "product" : {
            "name" : "Oracle Retail Markdown Optimization 12.0",
            "product_id" : "T004006",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_markdown_optimization:12.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13",
          "product" : {
            "name" : "Oracle Retail Markdown Optimization 13.0",
            "product_id" : "T004007",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_markdown_optimization:13.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13.2",
          "product" : {
            "name" : "Oracle Retail Markdown Optimization 13.2",
            "product_id" : "T004009",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_markdown_optimization:13.2"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "13.4",
          "product" : {
            "name" : "Oracle Retail Markdown Optimization 13.4",
            "product_id" : "T004010",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:oracle:retail_markdown_optimization:13.4"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Retail Markdown Optimization"
      } ],
      "category" : "vendor",
      "name" : "Oracle"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "5",
          "product" : {
            "name" : "Red Hat Enterprise Linux 5",
            "product_id" : "74289",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:redhat:enterprise_linux:5::server"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Enterprise Linux"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "5",
          "product" : {
            "name" : "Red Hat Enterprise Linux Desktop 5",
            "product_id" : "T002352",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:redhat:enterprise_linux_desktop:5:client"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Enterprise Linux Desktop"
      }, {
        "category" : "product_name",
        "name" : "Red Hat JBoss Fuse",
        "product" : {
          "name" : "Red Hat JBoss Fuse",
          "product_id" : "T003086",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:redhat:jboss_fuse:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Red Hat Network Satellite Server",
        "product" : {
          "name" : "Red Hat Network Satellite Server",
          "product_id" : "9603",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:redhat:network_satelite_server:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Red Hat"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "SUSE Linux",
        "product" : {
          "name" : "SUSE Linux",
          "product_id" : "T002207",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:suse:suse_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "SUSE"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2014-0114",
    "product_status" : {
      "known_affected" : [ "T004011", "T004012", "T009408", "T013722", "T003109", "T004914", "T001987", "T001985", "T001984", "T001983", "T001982", "T001981", "T004073", "T008871", "T001021", "T002352", "T003086", "T004010", "T004000", "T004001", "T004002", "T004003", "T004004", "T004005", "T004006", "T004007", "T003997", "74289", "T003998", "T004009", "T003999", "T002207", "9603", "T001572", "T022173" ]
    },
    "release_date" : "2014-05-06T22:00:00.000+00:00",
    "title" : "CVE-2014-0114"
  } ]
}