Back to search
CVE-2014-0119
Published: May 31, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://svn.apache.org/viewvc?view=revision&revision=1590036
x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0268.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589837
x_refsource_CONFIRM
USN-2654-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2015:0765
vendor-advisory
x_refsource_REDHAT
59732
third-party-advisory
x_refsource_SECUNIA
RHSA-2015:0675
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
x_refsource_CONFIRM
MDVSA-2015:052
vendor-advisory
x_refsource_MANDRIVA
RHSA-2015:0720
vendor-advisory
x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1590028
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589992
x_refsource_CONFIRM
MDVSA-2015:084
vendor-advisory
x_refsource_MANDRIVA
DSA-3530
vendor-advisory
x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1589983
x_refsource_CONFIRM
HPSBUX03102
vendor-advisory
x_refsource_HP
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_BUGTRAQ
MDVSA-2015:053
vendor-advisory
x_refsource_MANDRIVA
http://svn.apache.org/viewvc?view=revision&revision=1588199
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589997
x_refsource_CONFIRM
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589980
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589640
x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
x_refsource_CONFIRM
59873
third-party-advisory
x_refsource_SECUNIA
20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure
mailing-list
x_refsource_FULLDISC
http://svn.apache.org/viewvc?view=revision&revision=1589985
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1593815
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_FULLDISC
http://svn.apache.org/viewvc?view=revision&revision=1589990
x_refsource_CONFIRM
HPSBOV03503
vendor-advisory
x_refsource_HP
SSRT101681
vendor-advisory
x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1588193
x_refsource_CONFIRM
67669
vdb-entry
x_refsource_BID
1030298
vdb-entry
x_refsource_SECTRACK
DSA-3552
vendor-advisory
x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1593821
x_refsource_CONFIRM
60729
third-party-advisory
x_refsource_SECUNIA
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now