7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.8%
Important: Information Disclosure CVE-2015-0254
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a JSTL XML tag.
This issue was identified by the David Jorm of IIX and made public on 27 February 2015.
Affects: All versions prior to 1.2.3
CPE | Name | Operator | Version |
---|---|---|---|
apache taglibs | lt | 1.2.3 |