E-Billing 6.1, 6.2 Security vulnerabilities of Apache Struts CVE-2014-0112 and CVE-2014-0113 (Doc ID 1682646.1)

Last updated on APRIL 27, 2017

Applies to:

Oracle Self-Service E-Billing Consumer Edition - Version 6.1 to 6.2 [Release 6]
Information in this document applies to any platform.

Goal

Is E-Billing 6.2 affected by the Apache Struts security vulnerabilities CVE-2014-0112 and CVE-2014-0113?

CVE-2014-0112 - Incomplete fix for ClassLoader manipulation via ParametersInterceptor.
CVE-2014-0113 - ClassLoader manipulation via CookieInterceptor when configured to accept all cookies.

Apache Struts 2 Documentation:
http://struts.apache.org/release/2.3.x/docs/s2-021.html

Solution
