15 matches found

Tenable Nessus
added 2022/08/08 12:0 a.m. | 15 views

Expression Language Injection

Expression Language (EL) has been defined as part of the Java Server Pages Standard Tag Library (JSTL) in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...

8.1 AI score
Exploits: 0 | References: 2
Github Security Blog
added 2020/09/14 6:44 p.m. | 46 views

XXE in Apache Standard Taglibs

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...

7.5 CVSS | 8.6 AI score | 0.03808 EPSS
Exploits: 0 | References: 24 | Affected Software: 2
Veracode
added 2019/01/15 9:9 a.m. | 26 views

XML External Entity (XXE) Through An XSLT Extension

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...

7.5 CVSS | 8.3 AI score | 0.03808 EPSS
Exploits: 0 | References: 47 | Affected Software: 100
RedHat Linux
added 2016/02/04 9:32 p.m. | 32 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.6 update on RHEL 7

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.6, fix several bugs, add various enhancements, and resolve one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A...

7.5 CVSS | 7 AI score | 0.03808 EPSS
Exploits: 0 | References: 17
RedHat Linux
added 2016/02/04 9:18 p.m. | 40 views

Important: Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.6

Updated jboss-ec2-eap packages that add one enhancement and resolve one security issue are now available for Red Hat JBoss Enterprise Application Platform 6.4.6 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerabilit...

7.5 CVSS | 7 AI score | 0.03808 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2016/02/04 9:18 p.m. | 49 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.6 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.6, fix several bugs, add various enhancements, and resolve one security issue are now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. A...

7.5 CVSS | 7 AI score | 0.03808 EPSS
Exploits: 0 | References: 5
OpenVAS
added 2015/09/25 12:0 a.m. | 28 views

Amazon Linux: Security Advisory (ALAS-2015-595)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS | 8.2 AI score | 0.03808 EPSS
Exploits: 0 | References: 2
Cent OS
added 2015/09/01 3:35 p.m. | 67 views

jakarta security update

CentOS Errata and Security Advisory CESA-2015:1695 Updated jakarta-taglibs-standard packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring Syste...

7.5 CVSS | 7 AI score | 0.03808 EPSS
Exploits: 0 | References: 7
OpenVAS
added 2015/09/01 12:0 a.m. | 35 views

RedHat Update for jakarta-taglibs-standard RHSA-2015:1695-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS | 8.3 AI score | 0.03808 EPSS
Exploits: 0 | References: 3
NVD
added 2015/03/09 2:59 p.m. | 16 views

CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...

7.5 CVSS | 9.6 AI score | 0.03808 EPSS
Exploits: 0 | References: 23
Prion
added 2015/03/09 2:59 p.m. | 16 views

Xxe

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...

7.5 CVSS | 7.9 AI score | 0.03808 EPSS
Exploits: 0 | References: 23 | Affected Software: 2
Cvelist
added 2015/03/09 2:0 p.m. | 21 views

CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...

9.3 AI score | 0.03808 EPSS
Exploits: 0 | References: 23
OSV
added 2015/03/09 12:0 a.m. | 0 views

UBUNTU-CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...

7.5 CVSS | 7.3 AI score | 0.03808 EPSS
Exploits: 0 | References: 4
UbuntuCve
added 2015/03/09 12:0 a.m. | 29 views

CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...

7.5 CVSS | 7 AI score | 0.03808 EPSS
Exploits: 0 | References: 3
securityvulns
added 2015/03/08 12:0 a.m. | 366 views

[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags

CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Standard Taglibs 1.2.1. The unsupported 1.0.x and 1.1.x versions may also be affected.
Description: When an application uses x:parse or x:transform tags to...

7.5 CVSS | 0.03808 EPSS
Exploits: 0