ID |
CVE-2015-0254 |
Summary |
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:apache:standard_taglibs:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 20-07-2021 - 23:15) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
cvss-vector (via4) |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
refmap (via4) |
bid | 72809 |
bugtraq | 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags |
confirm | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html |
misc | |
mlist |
- [tomcat-dev] 20190319 svn commit: r1855831 [27/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
- [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
- [tomcat-dev] 20200203 svn commit: r1873527 [27/30] - /tomcat/site/trunk/docs/
- [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/
- [tomcat-taglibs-user] 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
sectrack | 1034934 |
suse | openSUSE-SU-2015:1751 |
ubuntu | USN-2551-1 |
Last major update |
20-07-2021 - 23:15 |
Published |
09-03-2015 - 14:59 |
Last modified |
20-07-2021 - 23:15 |