Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-0254
HistoryMar 09, 2015 - 2:59 p.m.

CVE-2015-0254

2015-03-0914:59:04
[email protected]
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

JSON

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

Affected configurations

NVD
Node
apachestandard_taglibsRange1.2.1
Node
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch14.10

References

Related

nessus 16
redhat 10
openvas 9
centos 1
amazon 1
tomcat 1
ibm 38
prion 1
ubuntu 1
securityvulns 2
cvelist 1
osv 1
veracode 1
oraclelinux 1
kaspersky 1
suse 2
mageia 1
cve 1
ubuntucve 1
github 1
oracle 3
nessus
nessus
Oracle Linux 6 / 7 : jakarta-taglibs-standard (ELSA-2015-1695)
2015-09-01 00:00:00
RHEL 5 : JBoss EAP (RHSA-2016:0121)
2016-02-08 00:00:00
RHEL 6 / 7 : jakarta-taglibs-standard (RHSA-2015:1695)
2015-09-01 00:00:00
redhat
redhat
(RHSA-2016:0123) Important: Red Hat JBoss Enterprise Application Platform 6.4.6 update on RHEL 7
2016-02-04 21:14:49
(RHSA-2016:0122) Important: Red Hat JBoss Enterprise Application Platform 6.4.6 update on RHEL 6
2016-02-04 00:00:00
(RHSA-2016:0125) Important: Red Hat JBoss Enterprise Application Platform 6.4.6 update
2016-02-04 21:17:19
openvas
openvas
CentOS Update for jakarta-taglibs-standard CESA-2015:1695 centos7
2015-09-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1568-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1701-1)
2021-06-09 00:00:00
centos
centos
jakarta security update
2015-09-01 15:35:28
amazon
amazon
Important: jakarta-taglibs-standard
2015-09-22 10:00:00
tomcat
tomcat
Fixed in Apache Standard Taglib 1.2.3
2015-02-20 00:00:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Intelligent Operations Center and related products (CVE-2015-0254)
2022-08-19 21:04:31
Security Bulletin: Apache Standard Taglibs Vulnerability Affects IBM Sterling B2B Integrator (CVE-2015-0254)
2021-10-14 13:14:50
Security Bulletin: Vulnerability in Apache Standard Taglibs affects Liberty for Java for IBM Bluemix (CVE-2015-0254)
2018-06-15 07:05:53
prion
prion
Xxe
2015-03-09 14:59:00
ubuntu
ubuntu
Apache Standard Taglibs vulnerability
2015-03-30 00:00:00
securityvulns
securityvulns
Apache taglibs security vulnerabilities
2015-03-08 00:00:00
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
2015-03-08 00:00:00
cvelist
cvelist
CVE-2015-0254
2015-03-09 14:00:00
osv
osv
XXE in Apache Standard Taglibs
2020-09-14 18:44:01
veracode
veracode
XML External Entity (XXE) Through An XSLT Extension
2019-01-15 09:09:55
oraclelinux
oraclelinux
jakarta-taglibs-standard security update
2015-08-31 00:00:00
kaspersky
kaspersky
KLA10483 Code execution vulnerability in Apache Standard Taglib
2015-03-24 00:00:00
suse
suse
Security update for jakarta-taglibs-standard (important)
2017-06-27 00:11:17
Security update for jakarta-taglibs-standard (important)
2017-06-15 00:09:02
mageia
mageia
Updated jakarta-taglibs-standard packages fix CVE-2015-0254
2015-04-10 01:44:14
cve
cve
CVE-2015-0254
2015-03-09 14:59:04
ubuntucve
ubuntucve
CVE-2015-0254
2015-03-09 00:00:00
github
github
XXE in Apache Standard Taglibs
2020-09-14 18:44:01
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

JSON
Related for NVD:CVE-2015-0254
nessus16redhat10openvas9centos1amazon1tomcat1ibm38prion1ubuntu1securityvulns2cvelist1osv1veracode1oraclelinux1kaspersky1suse2mageia1cve1ubuntucve1github1oracle3