Lucene search

Veracode Vulnerability DatabaseVERACODE:10807

HistoryJan 15, 2019 - 8:52 a.m.

Apache Xalan Remote Code Execution

2019-01-1508:52:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Apache Xalan-Java contains a vulnerability that allows for Remote Code Execution. This vulnerability allows a malicious user to remotely bypass the expected restrictions and load arbitrary code.

CPENameOperatorVersion
xalan-j2eq2.7.0__9.8.el6
xalan-j2eq2.7.0__9.9.el6_5
xalan-j2eq2.7.1__5.3_patch_04.ep5.el6
xalan-j2eq2.7.1__6_patch_05.1.ep5.el5
xalan-j2eq2.7.1__5.3_patch_04.ep5.el5
xalan-j2eq2.7.0__13.2.ep5.el5
xalan-j2eq2.7.1__6_patch_05.1.ep5.el6
xalan-j2eq2.7.1__5.3_patch_04.ep5.el4
xalan-j2eq2.7.1__6_patch_05.1.ep5.el4
xalan-j2-eap6eq2.7.1__6.11.redhat_1.ep6.el5

Name	Operator	Version
xalan-j2	eq	2.7.0__9.8.el6
xalan-j2	eq	2.7.0__9.9.el6_5
xalan-j2	eq	2.7.1__5.3_patch_04.ep5.el6
xalan-j2	eq	2.7.1__6_patch_05.1.ep5.el5
xalan-j2	eq	2.7.1__5.3_patch_04.ep5.el5
xalan-j2	eq	2.7.0__13.2.ep5.el5
xalan-j2	eq	2.7.1__6_patch_05.1.ep5.el6
xalan-j2	eq	2.7.1__5.3_patch_04.ep5.el4
xalan-j2	eq	2.7.1__6_patch_05.1.ep5.el4
xalan-j2-eap6	eq	2.7.1__6.11.redhat_1.ep6.el5

Rows per page:

1-10 of 131

References

rhn.redhat.com/errata/RHSA-2014-0348.html

rhn.redhat.com/errata/RHSA-2014-1351.html

rhn.redhat.com/errata/RHSA-2015-1888.html

secunia.com/advisories/57563

secunia.com/advisories/59036

secunia.com/advisories/59151

secunia.com/advisories/59247

secunia.com/advisories/59290

secunia.com/advisories/59291

secunia.com/advisories/59369

secunia.com/advisories/59515

secunia.com/advisories/59711

secunia.com/advisories/60502

svn.apache.org/viewvc?view=revision&revision=1581058

www-01.ibm.com/support/docview.wss?uid=swg21674334

www-01.ibm.com/support/docview.wss?uid=swg21676093

www-01.ibm.com/support/docview.wss?uid=swg21677145

www-01.ibm.com/support/docview.wss?uid=swg21680703

www-01.ibm.com/support/docview.wss?uid=swg21681933

www.debian.org/security/2014/dsa-2886

www.ibm.com/support/docview.wss?uid=swg21677967

www.ocert.org/advisories/ocert-2014-002.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.securityfocus.com/bid/66397

www.securitytracker.com/id/1034711

www.securitytracker.com/id/1034716

access.redhat.com/security/updates/classification/#important

exchange.xforce.ibmcloud.com/vulnerabilities/92023

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

issues.apache.org/jira/browse/XALANJ-2435

issues.jboss.org/browse/JBPAPP-10991

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E

rhn.redhat.com/errata/RHSA-2014-0591.html

security.gentoo.org/glsa/201604-02

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.tenable.com/security/tns-2018-15

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:10807