Lucene search
UbuntuUSN-2551-1HistoryMar 30, 2015 - 12:00 a.m.
Apache Standard Taglibs vulnerability
2015-03-3000:00:00
ubuntu.com
28
8.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.8%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
Packages
- jakarta-taglibs-standard - Implementation of JSP Standard Tag Library (JSTL)
Details
David Jorm discovered that the Apache Standard Taglibs incorrectly handled
external XML entities. A remote attacker could possibly use this issue to
execute arbitrary code or perform other external XML entity attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | libjakarta-taglibs-standard-java | < 1.1.2-2ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libjstl1.1-java | < 1.1.2-2ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libjakarta-taglibs-standard-java | < 1.1.2-2ubuntu1.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libjstl1.1-java | < 1.1.2-2ubuntu1.14.04.1 | UNKNOWN |
References
Related
redhat
redhat
ibm
ibm
oraclelinux
oraclelinux
jakarta-taglibs-standard security update
2015-08-31 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-595)
2015-09-25 00:00:00
CentOS Update for jakarta-taglibs-standard CESA-2015:1695 centos6
2015-09-02 00:00:00
RedHat Update for jakarta-taglibs-standard RHSA-2015:1695-01
2015-09-01 00:00:00
suse
suse
Security update for jakarta-taglibs-standard (important)
2017-06-27 00:11:17
Security update for jakarta-taglibs-standard (important)
2017-06-15 00:09:02
kaspersky
kaspersky
KLA10483 Code execution vulnerability in Apache Standard Taglib
2015-03-24 00:00:00
nessus
nessus
CentOS 6 / 7 : jakarta-taglibs-standard (CESA-2015:1695)
2015-10-22 00:00:00
RHEL 6 / 7 : jakarta-taglibs-standard (RHSA-2015:1695)
2015-09-01 00:00:00
mageia
mageia
Updated jakarta-taglibs-standard packages fix CVE-2015-0254
2015-04-10 01:44:14
securityvulns
securityvulns
Apache taglibs security vulnerabilities
2015-03-08 00:00:00
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
2015-03-08 00:00:00
cve
cve
CVE-2015-0254
2015-03-09 14:59:00
ubuntucve
ubuntucve
CVE-2015-0254
2015-03-09 00:00:00
github
github
XXE in Apache Standard Taglibs
2020-09-14 18:44:01
osv
osv
XXE in Apache Standard Taglibs
2020-09-14 18:44:01
veracode
veracode
XML External Entity (XXE) Through An XSLT Extension
2019-01-15 09:09:55
prion
prion
Xxe
2015-03-09 14:59:00
centos
centos
jakarta security update
2015-09-01 15:35:28
tomcat
tomcat
Fixed in Apache Standard Taglib 1.2.3
2015-02-20 00:00:00
amazon
amazon
Important: jakarta-taglibs-standard
2015-09-22 10:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
8.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.8%
Related for USN-2551-1