TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation


TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.
CVSS Severity (What is CVSS?)

Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

  • TERASOLUNA Server Framework for Java(Web) to


On a server where the product in running, a remote attacker may steal information or execute arbitrary code.

[Update the Software]
Update to the latest version according to the information provided by the developer.

On 2014 May 23, TERASOLUNA Server Framework for Java(Web), which contains Apache Struts 1.2.9 with SP1 by TERASOLUNA has been released.
Vendor Information

Apache Software Foundation IBM Corporation Oracle Corporation Red Hat, Inc. NTT DATA Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS14-018
  • Hitachi Software Vulnerability Information : HS14-020
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-0114

  1. JVN : JVN#30962312
  2. JVN iPedia : JVNDB-2014-002308 (in Japanese)
  3. National Vulnerability Database (NVD) : CVE-2014-0114
Revision History

  Web page was published
  Vendor Information : Content was added
  Vendor Information : Content was added
  Vendor Information : Contents were added
  Vendor Information : Content was added
  Vendor Information : Content was added
  Vendor Information : Content was added
  Vendor Information : Contents were added
  Vendor Information : Contents were added
  Vendor Information : Contents were added