Lucene search

K
amazonAmazonALAS-2015-595
HistorySep 22, 2015 - 10:00 a.m.

Important: jakarta-taglibs-standard

2015-09-2210:00:00
alas.aws.amazon.com
26

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.8%

Issue Overview:

It was found that the Java Standard Tag Library (JSTL) allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

Affected Packages:

jakarta-taglibs-standard

Issue Correction:
Run yum update jakarta-taglibs-standard to update your system.

New Packages:

noarch:  
    jakarta-taglibs-standard-1.1.1-11.7.9.amzn1.noarch  
    jakarta-taglibs-standard-javadoc-1.1.1-11.7.9.amzn1.noarch  
  
src:  
    jakarta-taglibs-standard-1.1.1-11.7.9.amzn1.src  

Additional References

Red Hat: CVE-2015-0254

Mitre: CVE-2015-0254

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.8%

Related for ALAS-2015-595