Apache Tomcat: TOMCAT:DB1F1FE6D60B303FBCEB1A98F0CAE318
History: Feb 20, 2015 - 12:00 a.m.

Fixed in Apache Standard Taglib 1.2.3

2015-02-20 00:00:00
Apache Tomcat
tomcat.apache.org
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.051 Low
Percentile: 92.8%

Important: Information Disclosure CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a JSTL XML tag.

This issue was identified by David Jorm of IIX and made public on 27 February 2015.

Affects: All versions prior to 1.2.3

CPE Name          Operator   Version
apache taglibs    lt         1.2.3
