
E-Billing 6.1, 6.2 Security vulnerabilities of Apache Struts CVE-2014-0112 and CVE-2014-0113 (Doc ID 1682646.1)

Last updated on FEBRUARY 28, 2018

Applies to:

Oracle Self-Service E-Billing Consumer Edition - Version 6.1 to 6.2 [Release 6]
Information in this document applies to any platform.

Goal

Is E-Billing 6.2 affected by the Apache Struts security vulnerabilities CVE-2014-0112 and CVE-2014-0113?

CVE-2014-0112 - Incomplete fix for ClassLoader manipulation via ParametersInterceptor.
CVE-2014-0113 - ClassLoader manipulation via CookieInterceptor when configured to accept all cookies.

Apache Struts 2 Documentation:
http://struts.apache.org/release/2.3.x/docs/s2-021.html

Solution

To view full details, sign in with your My Oracle Support account.
