138 matches found
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
Updated packages for JBoss Enterprise Application Platform 5.2.0 which fix one security issue and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System...
Ubuntu: Security Advisory (USN-2218-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 10.04 LTS / 12.04 LTS / 13.10 : libxalan2-java vulnerability (USN-2218-1)
Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources. Note that Tenable Network Security has extracted the preceding...
RHEL 5 / 6 : JBoss EAP (RHSA-2014:0453)
Updated Red Hat JBoss Enterprise Application Platform 6.2.2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.2 security update
Updated Red Hat JBoss Enterprise Application Platform 6.2.2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.2 security update
An update for Red Hat JBoss Enterprise Application Platform 6.2.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score,...
Amazon Linux AMI : xalan-j2 (ALAS-2014-325)
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Important: xalan-j2
Issue Overview: It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java...
DEBIAN-CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
Design/Logic Flaw
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
CVE-2014-0107
CVE-2014-0107 concerns the TransformerFactory in Apache Xalan-Java before 2.7.2, which does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, potentially allowing remote attackers to bypass restrictions and load arbitrary classes or access external reso...
CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
UBUNTU-CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...
Apache Xalan-Java Library安全绕过漏洞
Bugtraq ID:66397 CVE ID:CVE-2014-0107 Apache Xalan-Java是一个使用Java和C++来实现XSLT库的项目。 攻击者可以利用这个问题来绕过安全限制,并执行未经授权的操作。这可能有助于发动进一步的攻击。 0 Apache Software Foundation Xalan-java 2.7 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://xml.apache.org/xalan-j/...