Lucene search

K

[email protected]CVE-2015-0254

HistoryMar 09, 2015 - 2:59 p.m.

CVE-2015-0254

2015-03-0914:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

124

3

apache

standard taglibs

vulnerability

cve-2015-0254

xxe

code execution

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.8%

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

CPENameOperatorVersion
apache:standard_taglibsapache standard taglibsle1.2.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04

References

lists.opensuse.org/opensuse-updates/2015-10/msg00033.html

mail-archives.apache.org/mod_mbox/tomcat-taglibs-user/201502.mbox/%3C82207A16-6348-4DEE-877E-F7B87292576A%40apache.org%3E

packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.html

rhn.redhat.com/errata/RHSA-2015-1695.html

rhn.redhat.com/errata/RHSA-2016-1838.html

rhn.redhat.com/errata/RHSA-2016-1839.html

rhn.redhat.com/errata/RHSA-2016-1840.html

rhn.redhat.com/errata/RHSA-2016-1841.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.securityfocus.com/archive/1/534772/100/0/threaded

www.securityfocus.com/bid/72809

www.securitytracker.com/id/1034934

www.ubuntu.com/usn/USN-2551-1

access.redhat.com/errata/RHSA-2016:1376

lists.apache.org/thread.html/8a20e48acb2a40be5130df91cf9d39d8ad93181989413d4abcaa4914%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6c93d8ade3788dbc00f5a37238bc278e7d859f2446b885460783a16f%40%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/rc1686f6196bb9063bf26577a21b8033c19c1a30e5a9159869c8f3d38%40%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rf1179e6971bc46f0f68879a9a10cc97ad4424451b0889aeef04c8077%40%3Cpluto-scm.portals.apache.org%3E

lists.apache.org/thread.html/rfc2bfd99c340dafd501676693cd889c1f9f838b97bdd0776a8f5557d%40%3Cdev.tomcat.apache.org%3E

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2020.html

Social References

More

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.8%

Related for CVE-2015-0254

redhat10 ibm38 oraclelinux1 suse2 kaspersky1 nessus16 openvas9 mageia1 securityvulns2 ubuntu1 ubuntucve1 github1 prion1 tomcat1 centos1 amazon1 osv1 veracode1 oracle3