QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-0096

Back to search

CVE-2014-0096

Published: May 31, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

VendorProductVersions

n/a

n/a

affected
n/a

References

67667
vdb-entry
x_refsource_BID
59121
third-party-advisory
x_refsource_SECUNIA
RHSA-2015:0765
vendor-advisory
x_refsource_REDHAT
59732
third-party-advisory
x_refsource_SECUNIA
59835
third-party-advisory
x_refsource_SECUNIA
RHSA-2015:0675
vendor-advisory
x_refsource_REDHAT
MDVSA-2015:052
vendor-advisory
x_refsource_MANDRIVA
RHSA-2015:0720
vendor-advisory
x_refsource_REDHAT
59849
third-party-advisory
x_refsource_SECUNIA
MDVSA-2015:084
vendor-advisory
x_refsource_MANDRIVA
1030301
vdb-entry
x_refsource_SECTRACK
DSA-3530
vendor-advisory
x_refsource_DEBIAN
59678
third-party-advisory
x_refsource_SECUNIA
HPSBUX03102
vendor-advisory
x_refsource_HP
MDVSA-2015:053
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2015-2109
vendor-advisory
x_refsource_FEDORA
59616
third-party-advisory
x_refsource_SECUNIA
59873
third-party-advisory
x_refsource_SECUNIA
HPSBOV03503
vendor-advisory
x_refsource_HP
SSRT101681
vendor-advisory
x_refsource_HP
DSA-3552
vendor-advisory
x_refsource_DEBIAN
60729
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now