{"containers": {"cna": {"providerMetadata": {"dateUpdated": "2014-07-08T00:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3540", "datePublished": "2014-07-08T01:00:00", "dateRejected": "2014-07-08T00:57:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2014-07-08T00:57:00", "state": "REJECTED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"}], "id": "CVE-2014-3540", "lastModified": "2023-11-07T02:20:11.980", "metrics": {}, "published": "2014-07-08T04:11:37.523", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "commons-beanutils: 'class' property is exposed, potentially leading to RCE", "id": "1116665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2014-3540", "public_date": "2014-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3540\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3540\nhttp://openwall.com/lists/oss-security/2014/07/08/1"], "statement": "MITRE has rejected this CVE ID, favoring the use of CVE-2014-0114.\nThis flaw was the root cause of CVE-2014-0114, a flaw in Apache Struts 1 that could lead to unauthenticated remote code execution under certains conditions. Other frameworks built on commons-beanutils, such as Apache Stripes, are likely to expose similar issues. commons-beanutils 1.9.2 has now shipped, including a specialized BeanIntrospector implementation that allows suppressing properties. Frameworks built on commons-beantutils can make use of the new pre-configured SuppressPropertiesBeanIntrospector to address this flaw.", "threat_severity": "Important"}