69 matches found
SuSE 11.3 Security Update : xalan-j2 (SAT Patch Number 9426)
xalan-j2 has been updated to ensure that secure processing can't be circumvented. CVE-2014-0107 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc. i...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
USN-2218-1: Xalan-Java vulnerability
Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Amazon Linux AMI : xalan-j2 (ALAS-2014-325)
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
DEBIAN-CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
UBUNTU-CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
CentOS Update for xalan-j2 CESA-2014:0348 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for xalan-j2 CESA-2014:0348 centos6
Check for the Version of xalan-j2 OpenVAS Vulnerability Test CentOS Update for xalan-j2 CESA-2014:0348 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
CentOS Update for xalan-j2 CESA-2014:0348 centos5
Check for the Version of xalan-j2 OpenVAS Vulnerability Test CentOS Update for xalan-j2 CESA-2014:0348 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
RedHat Update for xalan-j2 RHSA-2014:0348-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
xalan security update
CentOS Errata and Security Advisory CESA-2014:0348 Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS...
Scientific Linux Security Update : xalan-j2 on SL5.x, SL6.x i386/x86_64 (20140401)
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
PT-2014-1795 · Apache +5 · Apache Xalan-Java +5
Name of the Vulnerable Software and Affected Versions: Apache Xalan-Java versions prior to 2.7.2 Description: The issue allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted xalan:content-header, xalan:entities,...