CVE-2019-3834
Summary
| CVE | CVE-2019-3834 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-03 14:15:00 UTC |
| Updated | 2019-10-10 19:53:00 UTC |
| Description | It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3. |
Risk And Classification
Problem Types: CWE-470
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Operations Network | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1677721 – (CVE-2019-3834) CVE-2019-3834 JON: struts1 reversion of fix for CVE-2014-0114 | CONFIRM | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.