Lucene search
Ubuntu.comUB:CVE-2015-0254HistoryMar 09, 2015 - 12:00 a.m.
CVE-2015-0254
2015-03-0900:00:00
ubuntu.com
ubuntu.com
13
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.8%
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute
arbitrary code or conduct external XML entity (XXE) attacks via a crafted
XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | jakarta-taglibs-standard | < 1.1.2-2ubuntu1.14.04.1 | UNKNOWN |
| ubuntu | 14.10 | noarch | jakarta-taglibs-standard | < 1.1.2-2ubuntu1.14.10.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | jakarta-taglibs-standard | < 1.1.2-3ubuntu1 | UNKNOWN |
| ubuntu | 15.10 | noarch | jakarta-taglibs-standard | < 1.1.2-3ubuntu1 | UNKNOWN |
| ubuntu | 16.04 | noarch | jakarta-taglibs-standard | < 1.1.2-3ubuntu1 | UNKNOWN |
| ubuntu | 16.10 | noarch | jakarta-taglibs-standard | < 1.1.2-3ubuntu1 | UNKNOWN |
Related
redhat
redhat
ibm
ibm
oraclelinux
oraclelinux
jakarta-taglibs-standard security update
2015-08-31 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-595)
2015-09-25 00:00:00
CentOS Update for jakarta-taglibs-standard CESA-2015:1695 centos6
2015-09-02 00:00:00
RedHat Update for jakarta-taglibs-standard RHSA-2015:1695-01
2015-09-01 00:00:00
suse
suse
Security update for jakarta-taglibs-standard (important)
2017-06-27 00:11:17
Security update for jakarta-taglibs-standard (important)
2017-06-15 00:09:02
kaspersky
kaspersky
KLA10483 Code execution vulnerability in Apache Standard Taglib
2015-03-24 00:00:00
nessus
nessus
CentOS 6 / 7 : jakarta-taglibs-standard (CESA-2015:1695)
2015-10-22 00:00:00
RHEL 6 / 7 : jakarta-taglibs-standard (RHSA-2015:1695)
2015-09-01 00:00:00
mageia
mageia
Updated jakarta-taglibs-standard packages fix CVE-2015-0254
2015-04-10 01:44:14
securityvulns
securityvulns
Apache taglibs security vulnerabilities
2015-03-08 00:00:00
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
2015-03-08 00:00:00
ubuntu
ubuntu
Apache Standard Taglibs vulnerability
2015-03-30 00:00:00
github
github
XXE in Apache Standard Taglibs
2020-09-14 18:44:01
cve
cve
CVE-2015-0254
2015-03-09 14:59:00
prion
prion
Xxe
2015-03-09 14:59:00
tomcat
tomcat
Fixed in Apache Standard Taglib 1.2.3
2015-02-20 00:00:00
amazon
amazon
Important: jakarta-taglibs-standard
2015-09-22 10:00:00
centos
centos
jakarta security update
2015-09-01 15:35:28
osv
osv
XXE in Apache Standard Taglibs
2020-09-14 18:44:01
veracode
veracode
XML External Entity (XXE) Through An XSLT Extension
2019-01-15 09:09:55
oracle
oracle
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.8%
Related for UB:CVE-2015-0254