{"cve": [{"lastseen": "2018-11-09T12:05:26", "bulletinFamily": "NVD", "description": "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.", "modified": "2018-11-08T06:29:01", "published": "2014-04-15T19:13:13", "id": "CVE-2014-0107", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0107", "title": "CVE-2014-0107", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-10-12T02:11:19", "bulletinFamily": "software", "description": "Description \n\n\nThe TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. ([CVE-2014-0107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107>)) \n\n\nImpact \n\n\nNone. No F5 products are affected by this vulnerability. \n\n\nStatus\n\nF5 Product Development has assigned ID 478827 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP PEM | None \n| 11.3.0 - 11.6.0 \n| None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.4.0 \n| None \nBIG-IQ Device | None \n| 4.2.0 - 4.4.0 \n| None \nBIG-IQ Security | None \n| 4.0.0 - 4.4.0 \n| None \nLineRate | None | 2.4.0 - 2.4.1 \n2.2.0 - 2.2.5 \n1.6.0 \n| None \n \nRecommended Action\n\nNone \n\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-15T21:54:00", "href": "https://support.f5.com/csp/article/K15595", "id": "F5:K15595", "type": "f5", "title": "Apache Xalan-Java vulnerability CVE-2014-0107", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:59", "bulletinFamily": "software", "description": "Recommended Action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-09-15T00:00:00", "published": "2014-09-15T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15595.html", "id": "SOL15595", "title": "SOL15595 - Apache Xalan-Java vulnerability CVE-2014-0107", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:11", "bulletinFamily": "unix", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.2 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "modified": "2018-06-07T02:39:08", "published": "2014-04-30T04:00:00", "id": "RHSA-2014:0453", "href": "https://access.redhat.com/errata/RHSA-2014:0453", "type": "redhat", "title": "(RHSA-2014:0453) Important: Red Hat JBoss Enterprise Application Platform 6.2.2 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:46:24", "bulletinFamily": "unix", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.2 as\nprovided from the Red Hat Customer Portal are advised to apply this update.\nThe JBoss server process must be restarted for the update to take effect.", "modified": "2019-02-20T17:14:26", "published": "2014-04-30T22:47:56", "id": "RHSA-2014:0454", "href": "https://access.redhat.com/errata/RHSA-2014:0454", "type": "redhat", "title": "(RHSA-2014:0454) Important: Red Hat JBoss Enterprise Application Platform 6.2.2 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:45:53", "bulletinFamily": "unix", "description": "JBoss Enterprise Application Platform is a platform for Java applications,\nwhich integrates the JBoss Application Server with JBoss Hibernate and\nJBoss Seam.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nThis update also fixes the following bug:\n\nIt was observed that when using the Transfomer to convert a StreamSource to\nDOMResult, the performance of the conversion degraded as the size of the\ncharacter data increased. For example, converting a 50 MB XML BLOB would\ntake a very long time to finish. This issue has been resolved in this\nrelease by adjusting both the SAX2DOM and DOMBuilder classes to handle\nlarger inputs more efficiently. (JBPAPP-10991)\n\nAll users of JBoss Enterprise Application Platform 5.2.0 as provided from\nthe Red Hat Customer Portal are advised to apply this update. The JBoss\nserver process must be restarted for this update to take effect.", "modified": "2019-02-20T17:15:25", "published": "2014-06-02T17:57:05", "id": "RHSA-2014:0590", "href": "https://access.redhat.com/errata/RHSA-2014:0590", "type": "redhat", "title": "(RHSA-2014:0590) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:41:57", "bulletinFamily": "unix", "description": "JBoss Enterprise Application Platform is a platform for Java applications,\nwhich integrates the JBoss Application Server with JBoss Hibernate and\nJBoss Seam.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nThis update also fixes the following bug:\n\nIt was observed that when using the Transfomer to convert a StreamSource to\nDOMResult, the performance of the conversion degraded as the size of the\ncharacter data increased. For example, converting a 50 MB XML BLOB would\ntake a very long time to finish. This issue has been resolved in this\nrelease by adjusting both the SAX2DOM and DOMBuilder classes to handle\nlarger inputs more efficiently. (JBPAPP-10991)\n\nAll users of JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T02:37:45", "published": "2014-06-02T04:00:00", "id": "RHSA-2014:0591", "href": "https://access.redhat.com/errata/RHSA-2014:0591", "type": "redhat", "title": "(RHSA-2014:0591) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:43:32", "bulletinFamily": "unix", "description": "Xalan-Java is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n", "modified": "2018-06-06T20:24:33", "published": "2014-04-01T04:00:00", "id": "RHSA-2014:0348", "href": "https://access.redhat.com/errata/RHSA-2014:0348", "type": "redhat", "title": "(RHSA-2014:0348) Important: xalan-j2 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:45:30", "bulletinFamily": "unix", "description": "JBoss Enterprise Portal Platform is the open source implementation of the\nJava EE suite of services and Portal services running atop JBoss Enterprise\nApplication Platform. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience.\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll users of JBoss Enterprise Portal Platform 5.2.2 as provided from the\nRed Hat Customer Portal are advised to install this update.", "modified": "2019-02-20T17:17:15", "published": "2014-08-14T19:37:51", "id": "RHSA-2014:1059", "href": "https://access.redhat.com/errata/RHSA-2014:1059", "type": "redhat", "title": "(RHSA-2014:1059) Important: JBoss Enterprise Portal Platform 5.2.2 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:48:28", "bulletinFamily": "unix", "description": "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS\n5.3.1. It includes various bug fixes. The following security issues are\nalso fixed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer\nPortal are advised to apply this roll up patch.", "modified": "2019-02-20T17:17:15", "published": "2014-08-05T18:03:48", "id": "RHSA-2014:1007", "href": "https://access.redhat.com/errata/RHSA-2014:1007", "type": "redhat", "title": "(RHSA-2014:1007) Important: Red Hat JBoss BRMS 5.3.1 update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-06T19:01:10", "bulletinFamily": "unix", "description": "Fuse ESB Enterprise is an integration platform based on Apache ServiceMix.\nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications.\n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P6 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. The following\nsecurity issues are addressed with this release:\n\nIt was discovered that Apache Shiro authenticated users without specifying\na user name or a password when used in conjunction with an LDAP back end\nthat allowed unauthenticated binds. (CVE-2014-0074)\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nAll users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the\nRed Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ\nEnterprise 7.1.0 R1 P6.\n", "modified": "2018-05-03T23:15:51", "published": "2014-10-09T04:00:00", "id": "RHSA-2014:1369", "href": "https://access.redhat.com/errata/RHSA-2014:1369", "type": "redhat", "title": "(RHSA-2014:1369) Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:47:20", "bulletinFamily": "unix", "description": "Red Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes.\n\nThis release of Red Hat JBoss BPM Suite 6.0.2 serves as a replacement for\nRed Hat JBoss BPM Suite 6.0.1, and includes bug fixes and enhancements.\nRefer to the Red Hat JBoss BPM Suite 6.0.2 Release Notes for information\non the most significant of these changes. The Release Notes will be\navailable shortly at\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/\n\nThe following security issues are fixed with this release:\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features. A\nremote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the ServerTrustManager in the Smack XMPP API did not\nverify basicConstraints and nameConstraints in X.509 certificate chains. A\nman-in-the-middle attacker could use this flaw to spoof servers and obtain\nsensitive information. (CVE-2014-0363)\n\nIt was found that the ParseRoster component in the Smack XMPP API did not\nverify the From attribute of a roster-query IQ stanza. A remote attacker\ncould use this flaw to spoof IQ responses. (CVE-2014-0364)\n\nAll users of Red Hat JBoss BPM Suite 6.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.0.2.", "modified": "2019-02-20T17:16:11", "published": "2014-07-01T00:43:02", "id": "RHSA-2014:0819", "href": "https://access.redhat.com/errata/RHSA-2014:0819", "type": "redhat", "title": "(RHSA-2014:0819) Important: Red Hat JBoss BPM Suite 6.0.2 update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:48:00", "bulletinFamily": "unix", "description": "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis release of Red Hat JBoss BRMS 6.0.2 serves as a replacement for Red\nHat JBoss BRMS 6.0.1, and includes bug fixes and enhancements. Refer to the\nRed Hat JBoss BRMS 6.0.2 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available shortly\nat https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BRMS/\n\nThe following security issues are fixed with this release:\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the ServerTrustManager in the Smack XMPP API did not\nverify basicConstraints and nameConstraints in X.509 certificate chains.\nA man-in-the-middle attacker could use this flaw to spoof servers and\nobtain sensitive information. (CVE-2014-0363)\n\nIt was found that the ParseRoster component in the Smack XMPP API did not\nverify the From attribute of a roster-query IQ stanza. A remote attacker\ncould use this flaw to spoof IQ responses. (CVE-2014-0364)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could\nallow a remote attacker to trigger an Out Of Memory Exception by issuing a\nseries of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on\nthe server configuration, this could lead to a denial of service.\n(CVE-2014-0193)\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue.\n\nAll users of Red Hat JBoss BRMS 6.0.1 as provided from the Red Hat Customer\nPortal are advised to upgrade to Red Hat JBoss BRMS 6.0.2.", "modified": "2019-02-20T17:16:11", "published": "2014-07-01T00:42:20", "id": "RHSA-2014:0818", "href": "https://access.redhat.com/errata/RHSA-2014:0818", "type": "redhat", "title": "(RHSA-2014:0818) Important: Red Hat JBoss BRMS 6.0.2 update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:21:00", "bulletinFamily": "scanner", "description": "Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2014-0348.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73309", "published": "2014-04-03T00:00:00", "title": "CentOS 5 / 6 : xalan-j2 (CESA-2014:0348)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0348 and \n# CentOS Errata and Security Advisory 2014:0348 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73309);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"RHSA\", value:\"2014:0348\");\n\n script_name(english:\"CentOS 5 / 6 : xalan-j2 (CESA-2014:0348)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xalan-j2 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into\nHTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-April/020239.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6cacc26\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-April/020240.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f709aded\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xalan-j2-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xalan-j2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xalan-j2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xalan-j2-xsltc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xalan-j2-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xalan-j2-demo-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xalan-j2-javadoc-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xalan-j2-manual-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xalan-j2-xsltc-2.7.0-6jpp.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"xalan-j2-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xalan-j2-demo-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xalan-j2-javadoc-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xalan-j2-manual-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xalan-j2-xsltc-2.7.0-9.9.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:00", "bulletinFamily": "scanner", "description": "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan- Java. (CVE-2014-0107)", "modified": "2018-12-28T00:00:00", "id": "SL_20140401_XALAN_J2_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73296", "published": "2014-04-02T00:00:00", "title": "Scientific Linux Security Update : xalan-j2 on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73296);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-0107\");\n\n script_name(english:\"Scientific Linux Security Update : xalan-j2 on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan- Java. (CVE-2014-0107)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1404&L=scientific-linux-errata&T=0&P=188\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0785aa64\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"xalan-j2-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xalan-j2-debuginfo-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xalan-j2-demo-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xalan-j2-javadoc-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xalan-j2-manual-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xalan-j2-xsltc-2.7.0-6jpp.2\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"xalan-j2-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xalan-j2-demo-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xalan-j2-javadoc-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xalan-j2-manual-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xalan-j2-xsltc-2.7.0-9.9.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:01", "bulletinFamily": "scanner", "description": "This update fixes a remote code execution security vulnerability (CVE-2014-0107).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-4426.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73356", "published": "2014-04-07T00:00:00", "title": "Fedora 19 : xalan-j2-2.7.1-22.fc19 (2014-4426)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4426.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73356);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"FEDORA\", value:\"2014-4426\");\n\n script_name(english:\"Fedora 19 : xalan-j2-2.7.1-22.fc19 (2014-4426)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a remote code execution security vulnerability\n(CVE-2014-0107).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1080248\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131146.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5382a6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"xalan-j2-2.7.1-22.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:26:37", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201604-02 (Xalan-Java: Arbitrary code execution)\n\n The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled.\n This can also be exploited via a Java property that is bound to the XSLT 1.0 system-property function.\n Impact :\n\n A remote attacker could inject specially crafted XSLT properties resulting in the execution of arbitrary code with the privileges of the process.\n Workaround :\n\n There is no known work around at this time.", "modified": "2016-04-05T00:00:00", "id": "GENTOO_GLSA-201604-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90340", "published": "2016-04-05T00:00:00", "title": "GLSA-201604-02 : Xalan-Java: Arbitrary code execution", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201604-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90340);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/04/05 21:32:30 $\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_xref(name:\"GLSA\", value:\"201604-02\");\n\n script_name(english:\"GLSA-201604-02 : Xalan-Java: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201604-02\n(Xalan-Java: Arbitrary code execution)\n\n The TransformerFactory in Apache Xalan-Java does not properly restrict\n access to certain properties when FEATURE_SECURE_PROCESSING is enabled.\n This can also be exploited via a Java property that is bound to the XSLT\n 1.0 system-property function.\n \nImpact :\n\n A remote attacker could inject specially crafted XSLT properties\n resulting in the execution of arbitrary code with the privileges of the\n process.\n \nWorkaround :\n\n There is no known work around at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201604-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Xalan-Java users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/xalan-2.7.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xalan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/xalan\", unaffected:make_list(\"ge 2.7.2\"), vulnerable:make_list(\"lt 2.7.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xalan-Java\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:08", "bulletinFamily": "scanner", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.2.2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nIt was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.2 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "modified": "2018-12-27T00:00:00", "id": "REDHAT-RHSA-2014-0453.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73796", "published": "2014-05-01T00:00:00", "title": "RHEL 5 / 6 : JBoss EAP (RHSA-2014:0453)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0453. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73796);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/27 10:05:36\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"RHSA\", value:\"2014:0453\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss EAP (RHSA-2014:0453)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.2.2 packages\nthat fix one security issue are now available for Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan-Java. (CVE-2014-0107)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.2 on\nRed Hat Enterprise Linux 5 and 6 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0107\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2-eap6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0453\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"xalan-j2-eap6-\") || rpm_exists(release:\"RHEL6\", rpm:\"xalan-j2-eap6-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"xalan-j2-eap6-2.7.1-9.redhat_7.1.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xalan-j2-eap6-2.7.1-9.redhat_7.1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2-eap6\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:00", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:0348 :\n\nUpdated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2014-0348.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73294", "published": "2014-04-02T00:00:00", "title": "Oracle Linux 5 / 6 : xalan-j2 (ELSA-2014-0348)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0348 and \n# Oracle Linux Security Advisory ELSA-2014-0348 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73294);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"RHSA\", value:\"2014:0348\");\n\n script_name(english:\"Oracle Linux 5 / 6 : xalan-j2 (ELSA-2014-0348)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0348 :\n\nUpdated xalan-j2 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into\nHTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004057.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004058.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-xsltc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-demo-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-javadoc-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-manual-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-xsltc-2.7.0-6jpp.2\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-demo-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-javadoc-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-manual-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-xsltc-2.7.0-9.9.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2 / xalan-j2-demo / xalan-j2-javadoc / xalan-j2-manual / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:53", "bulletinFamily": "scanner", "description": "The version Oracle WebCenter Sites installed on the remote host is missing a security patch from the January 2016 Critical Patch Update (CPU). It is, therefore, affected by a security bypass vulnerability in the Apache Xalan-Java library due to a failure to properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. A remote attacker can exploit this to bypass restrictions and load arbitrary classes or access external resources.", "modified": "2018-11-15T00:00:00", "id": "ORACLE_WEBCENTER_SITES_JAN_2016_CPU.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88044", "published": "2016-01-21T00:00:00", "title": "Oracle WebCenter Sites Apache Xalan-Java Library Security Bypass (January 2016 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88044);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n\n script_name(english:\"Oracle WebCenter Sites Apache Xalan-Java Library Security Bypass (January 2016 CPU)\");\n script_summary(english:\"Checks for January 2016 CPU patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The website content management system installed on the remote host is\naffected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version Oracle WebCenter Sites installed on the remote host is\nmissing a security patch from the January 2016 Critical Patch Update\n(CPU). It is, therefore, affected by a security bypass vulnerability\nin the Apache Xalan-Java library due to a failure to properly restrict\naccess to certain properties when FEATURE_SECURE_PROCESSING is\nenabled. A remote attacker can exploit this to bypass restrictions and\nload arbitrary classes or access external resources.\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf53dcd7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies('oracle_webcenter_sites_installed.nbin');\n script_require_keys('SMB/WebCenter_Sites/Installed');\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nport = kb_smb_transport();\n\nget_kb_item_or_exit('SMB/WebCenter_Sites/Installed');\n\nversions = get_kb_list('SMB/WebCenter_Sites/*/Version');\nif (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');\n\nreport = '';\n\nforeach key (keys(versions))\n{\n fix = '';\n\n version = versions[key];\n revision = get_kb_item(key - '/Version' + '/Revision');\n path = get_kb_item(key - '/Version' + '/Path');\n\n if (isnull(version) || isnull(revision)) continue;\n\n # Patch 22174981 - 11.1.1.8.0 < Revision 180102\n if (version =~ \"^11\\.1\\.1\\.8\\.0$\" && revision < 180102)\n fix = '\\n Fixed revision : 180102' +\n '\\n Required patch : 22174981';\n\n # Patch 21834997 - 7.6.2 < Revision 179663\n if (version =~ \"^7\\.6\\.2(\\.|$)\" && revision < 179663)\n fix = '\\n Fixed revision : 179663' +\n '\\n Required patch : 21834997';\n\n if (fix != '')\n {\n if (!isnull(path)) report += '\\n Path : ' + path;\n report += '\\n Version : ' + version +\n '\\n Revision : ' + revision +\n fix + '\\n';\n }\n}\n\nif (report != '')\n{\n if (report_verbosity > 0) security_hole(port:port, extra:report);\n else security_hole(port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Oracle WebCenter Sites\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:01", "bulletinFamily": "scanner", "description": "xalan-j2 has been updated to ensure that secure processing can't be circumvented. (CVE-2014-0107)", "modified": "2014-07-05T00:00:00", "id": "SUSE_11_XALAN-J2-140623.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76373", "published": "2014-07-05T00:00:00", "title": "SuSE 11.3 Security Update : xalan-j2 (SAT Patch Number 9426)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76373);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/07/05 23:31:16 $\");\n\n script_cve_id(\"CVE-2014-0107\");\n\n script_name(english:\"SuSE 11.3 Security Update : xalan-j2 (SAT Patch Number 9426)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xalan-j2 has been updated to ensure that secure processing can't be\ncircumvented. (CVE-2014-0107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9426.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xalan-j2-2.7.0-217.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xalan-j2-2.7.0-217.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"xalan-j2-2.7.0-217.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:05", "bulletinFamily": "scanner", "description": "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2014-325.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73653", "published": "2014-04-23T00:00:00", "title": "Amazon Linux AMI : xalan-j2 (ALAS-2014-325)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-325.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73653);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_xref(name:\"ALAS\", value:\"2014-325\");\n script_xref(name:\"RHSA\", value:\"2014:0348\");\n\n script_name(english:\"Amazon Linux AMI : xalan-j2 (ALAS-2014-325)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan-Java. (CVE-2014-0107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-325.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update xalan-j2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xalan-j2-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xalan-j2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xalan-j2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xalan-j2-xsltc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"xalan-j2-2.7.0-9.9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xalan-j2-demo-2.7.0-9.9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xalan-j2-javadoc-2.7.0-9.9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xalan-j2-manual-2.7.0-9.9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xalan-j2-xsltc-2.7.0-9.9.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2 / xalan-j2-demo / xalan-j2-javadoc / xalan-j2-manual / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:59", "bulletinFamily": "scanner", "description": "Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2886.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73216", "published": "2014-03-27T00:00:00", "title": "Debian DSA-2886-1 : libxalan2-java - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2886. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73216);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"DSA\", value:\"2886\");\n\n script_name(english:\"Debian DSA-2886-1 : libxalan2-java - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,\na Java library for XSLT processing. Crafted XSLT programs could access\nsystem properties or load arbitrary classes, resulting in information\ndisclosure and, potentially, arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxalan2-java\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2886\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxalan2-java packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.7.1-5+deb6u1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.1-7+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxalan2-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libxalan2-java\", reference:\"2.7.1-5+deb6u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxalan2-java\", reference:\"2.7.1-7+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxalan2-java-doc\", reference:\"2.7.1-7+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxsltc-java\", reference:\"2.7.1-7+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:48", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2886-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 26, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxalan2-java\nCVE ID : CVE-2014-0107\nDebian Bug : 742577\n\nNicolas Gregoire discovered several vulnerabilities in libxalan2-java,\na Java library for XSLT processing. Crafted XSLT programs could\naccess system properties or load arbitrary classes, resulting in\ninformation disclosure and, potentially, arbitrary code execution.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-5+deb6u1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.1-7+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.1-9.\n\nWe recommend that you upgrade your libxalan2-java packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-03-26T20:45:17", "published": "2014-03-26T20:45:17", "id": "DEBIAN:DSA-2886-1:64DF1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00059.html", "title": "[SECURITY] [DSA 2886-1] libxalan2-java security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:12", "bulletinFamily": "unix", "description": "### Background\n\nXalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. \n\n### Description\n\nThe TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. This can also be exploited via a Java property that is bound to the XSLT 1.0 system-property function. \n\n### Impact\n\nA remote attacker could inject specially crafted XSLT properties resulting in the execution of arbitrary code with the privileges of the process. \n\n### Workaround\n\nThere is no known work around at this time.\n\n### Resolution\n\nAll Xalan-Java users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/xalan-2.7.2\"", "modified": "2016-04-02T00:00:00", "published": "2016-04-02T00:00:00", "id": "GLSA-201604-02", "href": "https://security.gentoo.org/glsa/201604-02", "type": "gentoo", "title": "Xalan-Java: Arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-27T10:48:47", "bulletinFamily": "scanner", "description": "Check for the Version of xalan-j2", "modified": "2017-07-12T00:00:00", "published": "2014-04-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871148", "id": "OPENVAS:871148", "title": "RedHat Update for xalan-j2 RHSA-2014:0348-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xalan-j2 RHSA-2014:0348-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871148);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 13:05:07 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for xalan-j2 RHSA-2014:0348-01\");\n\n tag_insight = \"Xalan-Java is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\";\n\n tag_affected = \"xalan-j2 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0348-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00000.html\");\n script_summary(\"Check for the Version of xalan-j2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.0~9.9.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-debuginfo\", rpm:\"xalan-j2-debuginfo~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-demo\", rpm:\"xalan-j2-demo~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-javadoc\", rpm:\"xalan-j2-javadoc~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-manual\", rpm:\"xalan-j2-manual~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-xsltc\", rpm:\"xalan-j2-xsltc~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:23", "bulletinFamily": "scanner", "description": "Check for the Version of xalan-j2", "modified": "2017-07-10T00:00:00", "published": "2014-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867670", "id": "OPENVAS:867670", "title": "Fedora Update for xalan-j2 FEDORA-2014-4443", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xalan-j2 FEDORA-2014-4443\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867670);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:17:18 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xalan-j2 FEDORA-2014-4443\");\n\n tag_insight = \"Xalan is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types. It implements the W3C Recommendations\nfor XSL Transformations (XSLT) and the XML Path Language (XPath). It can\nbe used from the command line, in an applet or a servlet, or as a module\nin other program.\n\";\n\n tag_affected = \"xalan-j2 on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4443\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131158.html\");\n script_summary(\"Check for the Version of xalan-j2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.1~22.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:31", "bulletinFamily": "scanner", "description": "Check for the Version of xalan-j2", "modified": "2017-07-10T00:00:00", "published": "2014-04-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881911", "id": "OPENVAS:881911", "title": "CentOS Update for xalan-j2 CESA-2014:0348 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xalan-j2 CESA-2014:0348 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881911);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:29:57 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for xalan-j2 CESA-2014:0348 centos6 \");\n\n tag_insight = \"Xalan-Java is an XSLT processor for transforming XML documents\ninto HTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\";\n\n tag_affected = \"xalan-j2 on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0348\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020240.html\");\n script_summary(\"Check for the Version of xalan-j2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-demo\", rpm:\"xalan-j2-demo~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-javadoc\", rpm:\"xalan-j2-javadoc~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-manual\", rpm:\"xalan-j2-manual~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-xsltc\", rpm:\"xalan-j2-xsltc~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:13:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:1361412562310871148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871148", "title": "RedHat Update for xalan-j2 RHSA-2014:0348-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xalan-j2 RHSA-2014:0348-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871148\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 13:05:07 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for xalan-j2 RHSA-2014:0348-01\");\n\n\n script_tag(name:\"affected\", value:\"xalan-j2 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Xalan-Java is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0348-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00000.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xalan-j2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.0~9.9.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-debuginfo\", rpm:\"xalan-j2-debuginfo~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-demo\", rpm:\"xalan-j2-demo~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-javadoc\", rpm:\"xalan-j2-javadoc~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-manual\", rpm:\"xalan-j2-manual~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-xsltc\", rpm:\"xalan-j2-xsltc~2.7.0~6jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-12T12:38:08", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks", "modified": "2018-10-12T00:00:00", "published": "2016-04-06T00:00:00", "id": "OPENVAS:1361412562310121459", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121459", "title": "Gentoo Security Advisory GLSA 201604-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201604-02.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121459\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-04-06 14:30:00 +0300 (Wed, 06 Apr 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201604-02\");\n script_tag(name:\"insight\", value:\"The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. This can also be exploited via a Java property that is bound to the XSLT 1.0 system-property function.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201604-02\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-java/xalan\", unaffected: make_list(\"ge 2.7.2\"), vulnerable: make_list(\"lt 2.7.2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:02:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850772", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850772", "title": "SuSE Update for xalan-j2 SUSE-SU-2014:0870-1 (xalan-j2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0870_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for xalan-j2 SUSE-SU-2014:0870-1 (xalan-j2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850772\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for xalan-j2 SUSE-SU-2014:0870-1 (xalan-j2)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xalan-j2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"xalan-j2 has been updated to ensure that secure processing can't be\n circumvented (CVE-2014-0107).\");\n\n script_tag(name:\"affected\", value:\"xalan-j2 on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0870_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.0~217.26.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:54", "bulletinFamily": "scanner", "description": "Check for the Version of xalan-j2", "modified": "2018-04-06T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310867674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867674", "title": "Fedora Update for xalan-j2 FEDORA-2014-4426", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xalan-j2 FEDORA-2014-4426\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867674\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:26:04 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xalan-j2 FEDORA-2014-4426\");\n\n tag_insight = \"Xalan is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types. It implements the W3C Recommendations\nfor XSL Transformations (XSLT) and the XML Path Language (XPath). It can\nbe used from the command line, in an applet or a servlet, or as a module\nin other program.\n\";\n\n tag_affected = \"xalan-j2 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4426\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131146.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of xalan-j2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.1~22.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:16", "bulletinFamily": "scanner", "description": "Check for the Version of xalan-j2", "modified": "2018-04-06T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:1361412562310881911", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881911", "title": "CentOS Update for xalan-j2 CESA-2014:0348 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xalan-j2 CESA-2014:0348 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881911\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:29:57 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for xalan-j2 CESA-2014:0348 centos6 \");\n\n tag_insight = \"Xalan-Java is an XSLT processor for transforming XML documents\ninto HTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\";\n\n tag_affected = \"xalan-j2 on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0348\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020240.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of xalan-j2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-demo\", rpm:\"xalan-j2-demo~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-javadoc\", rpm:\"xalan-j2-javadoc~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-manual\", rpm:\"xalan-j2-manual~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xalan-j2-xsltc\", rpm:\"xalan-j2-xsltc~2.7.0~9.9.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:25", "bulletinFamily": "scanner", "description": "Check for the Version of xalan-j2", "modified": "2018-04-06T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310867670", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867670", "title": "Fedora Update for xalan-j2 FEDORA-2014-4443", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xalan-j2 FEDORA-2014-4443\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867670\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:17:18 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xalan-j2 FEDORA-2014-4443\");\n\n tag_insight = \"Xalan is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types. It implements the W3C Recommendations\nfor XSL Transformations (XSLT) and the XML Path Language (XPath). It can\nbe used from the command line, in an applet or a servlet, or as a module\nin other program.\n\";\n\n tag_affected = \"xalan-j2 on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4443\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131158.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of xalan-j2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.1~22.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:04:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-05-26T00:00:00", "id": "OPENVAS:1361412562310841827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841827", "title": "Ubuntu Update for libxalan2-java USN-2218-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2218_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for libxalan2-java USN-2218-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841827\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-26 15:56:51 +0530 (Mon, 26 May 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for libxalan2-java USN-2218-1\");\n\n\n script_tag(name:\"affected\", value:\"libxalan2-java on Ubuntu 13.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Nicolas Gregoire discovered that Xalan-Java incorrectly\nhandled certain properties when the secure processing feature was enabled.\nAn attacker could possibly use this issue to load arbitrary classes or access\nexternal resources.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2218-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2218-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxalan2-java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|13\\.10)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxalan2-java\", ver:\"2.7.1-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxsltc-java\", ver:\"2.7.1-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxalan2-java\", ver:\"2.7.1-5ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxalan2-java-gcj\", ver:\"2.7.1-5ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxsltc-java\", ver:\"2.7.1-5ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxsltc-java-gcj\", ver:\"2.7.1-5ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxalan2-java\", ver:\"2.7.1-8ubuntu0.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxsltc-java\", ver:\"2.7.1-8ubuntu0.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2218-1\r\nMay 21, 2014\r\n\r\nlibxalan2-java vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nXalan-Java could be made to load arbitrary classes or access external\r\nresources.\r\n\r\nSoftware Description:\r\n- libxalan2-java: XSL Transformations (XSLT) processor in Java\r\n\r\nDetails:\r\n\r\nNicolas Gregoire discovered that Xalan-Java incorrectly handled certain\r\nproperties when the secure processing feature was enabled. An attacker\r\ncould possibly use this issue to load arbitrary classes or access external\r\nresources.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n libxalan2-java 2.7.1-8ubuntu0.1\r\n libxsltc-java 2.7.1-8ubuntu0.1\r\n\r\nUbuntu 12.04 LTS:\r\n libxalan2-java 2.7.1-7ubuntu0.1\r\n libxsltc-java 2.7.1-7ubuntu0.1\r\n\r\nUbuntu 10.04 LTS:\r\n libxalan2-java 2.7.1-5ubuntu1.1\r\n libxalan2-java-gcj 2.7.1-5ubuntu1.1\r\n libxsltc-java 2.7.1-5ubuntu1.1\r\n libxsltc-java-gcj 2.7.1-5ubuntu1.1\r\n\r\nAfter a standard system update you need to reboot your computer to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2218-1\r\n CVE-2014-0107\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libxalan2-java/2.7.1-8ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libxalan2-java/2.7.1-7ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libxalan2-java/2.7.1-5ubuntu1.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2014-06-14T00:00:00", "published": "2014-06-14T00:00:00", "id": "SECURITYVULNS:DOC:30865", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30865", "title": "[USN-2218-1] Xalan-Java vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n\r\n#2014-002 Xalan-Java insufficient secure processing\r\n\r\nDescription:\r\n\r\nThe Xalan-Java library is a popular XSLT processor from the Apache Software\r\nFoundation.\r\n\r\nThe library implements the Java API for XML Processing (JAXP) which supports a\r\nsecure processing feature for interpretive and XSLCT processors. The intent of\r\nthis feature is to limit XSLT/XML processing behaviours to "make the XSLT\r\nprocessor behave in a secure fashion".\r\n\r\nIt has been discovered that the secure processing features suffers from several\r\nlimitations that undermine its purpose. The enabling of the secure processing\r\nfeature in fact still allows the following processing to take place:\r\n\r\n * Java properties, bound to XSLT 1.0 system-property(), are accessible.\r\n * output properties that allow to load arbitrary classes or resources\r\n are allowed (XALANJ-2435).\r\n * arbitrary code can be executed if the Bean Scripting Framework (BSF)\r\n is in the classpath, as it allows to spawn available JARs with secure\r\n processing disabled, effectively bypassing the intended protection.\r\n\r\nAffected version:\r\n\r\nXalan-Java >= 2.7.0\r\n\r\nFixed version:\r\n\r\nXalan-Java >= r1581058 (see references)\r\n\r\nCredit: vulnerability report received from Nicolas Gregoire\r\n <nicolas.gregoire AT agarri.fr>.\r\n\r\nCVE: CVE-2014-0107\r\n\r\nTimeline:\r\n2014-02-05: vulnerability report received\r\n2014-02-05: reporter provides disclosure date set to 2014-03-21\r\n2014-02-06: contacted Apache Security Team\r\n2014-03-17: maintainer provides patch for review\r\n2014-03-17: reporter confirms patch\r\n2014-03-21: assigned CVE\r\n2014-03-24: maintainer commits patch\r\n2014-03-24: advisory release\r\n\r\nReferences:\r\nhttp://xml.apache.org/xalan-j\r\nhttps://issues.apache.org/jira/browse/XALANJ-2435\r\nhttp://svn.apache.org/viewvc?view=revision&revision=1581058\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2014-002.html\r\n\r\n-- Andrea Barisani | Founder & Project Coordinator oCERT | OSS Computer Security Incident Response Team <lcars@ocert.org> http://www.ocert.org 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"\r\n", "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "id": "SECURITYVULNS:DOC:30394", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30394", "title": "[oCERT-2014-002] Xalan-Java insufficient secure processing", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2886-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nMarch 26, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libxalan2-java\r\nCVE ID : CVE-2014-0107\r\nDebian Bug : 742577\r\n\r\nNicolas Gregoire discovered several vulnerabilities in libxalan2-java,\r\na Java library for XSLT processing. Crafted XSLT programs could\r\naccess system properties or load arbitrary classes, resulting in\r\ninformation disclosure and, potentially, arbitrary code execution.\r\n\r\nFor the oldstable distribution (squeeze), this problem has been fixed in\r\nversion 2.7.1-5+deb6u1.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 2.7.1-7+deb7u1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.7.1-9.\r\n\r\nWe recommend that you upgrade your libxalan2-java packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJTMzhoAAoJEL97/wQC1SS+XDgH+QFIhm6HIEaSB5AyGnW/3h1i\r\ntM+qTA5Oze8FwHTLXYdLbu1V5rJUsNKNdtF/ldf9n+D3MACc8u2Sz3BOa+gixKCz\r\nBWk5s9vc8gRBHz0L/Q3ev+Nf6GKTg25ToMy+iwZhj/p0LjpEYYQRa8GbWepgasDx\r\nUqo34fuiq8z8Ntbs9xpQZLxCeoLFTPvRl1Pp++5uroMriulEAg1NH0cl6b8Cv4R8\r\nMrAP6H6CsvmGZXc24OZTvnW1zuflCSw7YDdaEB/6MXtRejUugVqBh7Rbn3Gdp9N/\r\nYIaKStItV0sK+uWBtgUl/l43Lcgy4hBJD6SnFRwCLnO5n0/GK3dh6367jqz5vpU=\r\n=+zPT\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "id": "SECURITYVULNS:DOC:30388", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30388", "title": "[SECURITY] [DSA 2886-1] libxalan2-java security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2014-06-14T00:00:00", "published": "2014-06-14T00:00:00", "id": "SECURITYVULNS:VULN:13836", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13836", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:14", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. ([CVE-2014-0107 __](<https://access.redhat.com/security/cve/CVE-2014-0107>))\n\n \n**Affected Packages:** \n\n\nxalan-j2\n\n \n**Issue Correction:** \nRun _yum update xalan-j2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n xalan-j2-demo-2.7.0-9.9.9.amzn1.noarch \n xalan-j2-javadoc-2.7.0-9.9.9.amzn1.noarch \n xalan-j2-2.7.0-9.9.9.amzn1.noarch \n xalan-j2-manual-2.7.0-9.9.9.amzn1.noarch \n xalan-j2-xsltc-2.7.0-9.9.9.amzn1.noarch \n \n src: \n xalan-j2-2.7.0-9.9.9.amzn1.src \n \n \n", "modified": "2014-09-18T00:22:00", "published": "2014-09-18T00:22:00", "id": "ALAS-2014-325", "href": "https://alas.aws.amazon.com/ALAS-2014-325.html", "title": "Important: xalan-j2", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:46:39", "bulletinFamily": "unix", "description": "xalan-j2 has been updated to ensure that secure processing can't be\n circumvented (CVE-2014-0107).\n\n Security Issues:\n\n * CVE-2014-0107\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107</a>>\n\n", "modified": "2014-07-04T21:04:15", "published": "2014-07-04T21:04:15", "id": "SUSE-SU-2014:0870-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00003.html", "title": "Security update for xalan-j2 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:46:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0348\n\n\nXalan-Java is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/020239.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/020240.html\n\n**Affected packages:**\nxalan-j2\nxalan-j2-demo\nxalan-j2-javadoc\nxalan-j2-manual\nxalan-j2-xsltc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0348.html", "modified": "2014-04-02T12:22:27", "published": "2014-04-02T12:17:13", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/020239.html", "id": "CESA-2014:0348", "title": "xalan security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:53", "bulletinFamily": "unix", "description": "Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources.", "modified": "2014-05-21T00:00:00", "published": "2014-05-21T00:00:00", "id": "USN-2218-1", "href": "https://usn.ubuntu.com/2218-1/", "title": "Xalan-Java vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:29:36", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-0107\r\n\r\nApache Xalan-Java\u662f\u4e00\u4e2a\u4f7f\u7528Java\u548cC++\u6765\u5b9e\u73b0XSLT\u5e93\u7684\u9879\u76ee\u3002\r\n\r\nApache Xalan-Java\u5904\u7406\u90e8\u5206\u8f93\u51fa\u5c5e\u6027\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u5904\u7406\u7279\u6027(FEATURE_SECURE_PROCESSING)\uff0c\u53ef\u8bbf\u95ee\u53d7\u9650\u5c5e\u6027\u6216\u52a0\u8f7d\u4efb\u610f\u53d7\u9650\u7c7b\u3002\n0\nApache Xalan-Java 2.7.0\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://issues.apache.org/jira/browse/XALANJ-2435", "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61951", "id": "SSV:61951", "title": "Apache Xalan-Java FEATURE_SECURE_PROCESSIN\u5c5e\u6027\u5904\u7406\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:28:30", "bulletinFamily": "exploit", "description": "Bugtraq ID:66397\r\nCVE ID:CVE-2014-0107\r\n\r\nApache Xalan-Java\u662f\u4e00\u4e2a\u4f7f\u7528Java\u548cC++\u6765\u5b9e\u73b0XSLT\u5e93\u7684\u9879\u76ee\u3002\r\n\r\n\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u95ee\u9898\u6765\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u8fd9\u53ef\u80fd\u6709\u52a9\u4e8e\u53d1\u52a8\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002\n0\nApache Software Foundation Xalan-java 2.7\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://xml.apache.org/xalan-j/", "modified": "2014-04-03T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62048", "id": "SSV:62048", "title": "Apache Xalan-Java Library\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:03", "bulletinFamily": "unix", "description": "[0:2.7.0-9.9]\n- Add patch to fix remote code execution vulnerability\n- Resolves: CVE-2014-0107", "modified": "2014-04-01T00:00:00", "published": "2014-04-01T00:00:00", "id": "ELSA-2014-0348", "href": "http://linux.oracle.com/errata/ELSA-2014-0348.html", "title": "xalan-j2 security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:51", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 252 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2310031.1>).\n\nPlease note that on September 22, 2017, Oracle released [Security Alert for CVE-2017-9805](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html>). Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced in this Security Alert as well as those contained in this Critical Patch update\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2018-02-15T00:00:00", "published": "2017-10-17T00:00:00", "id": "ORACLE:CPUOCT2017-3236626", "href": "", "title": "Oracle Critical Patch Update - October 2017", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T04:13:44", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on November 10, 2015, Oracle released [Security Alert for CVE-2015-4852](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016-2367955", "href": "", "title": "Oracle Critical Patch Update - January 2016", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
