CVE-2015-0254

Published: Mar 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-2551-1

vendor-advisory

x_refsource_UBUNTU

RHSA-2016:1376

vendor-advisory

x_refsource_REDHAT

RHSA-2016:1841

vendor-advisory

x_refsource_REDHAT

[tomcat-taglibs-user] 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags

mailing-list

x_refsource_MLIST

RHSA-2016:1838

vendor-advisory

x_refsource_REDHAT

20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags

mailing-list

x_refsource_BUGTRAQ

RHSA-2015:1695

vendor-advisory

x_refsource_REDHAT

RHSA-2016:1839

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2015:1751

vendor-advisory

x_refsource_SUSE

72809

vdb-entry

x_refsource_BID

RHSA-2016:1840

vendor-advisory

x_refsource_REDHAT

1034934

vdb-entry

x_refsource_SECTRACK

[tomcat-dev] 20190319 svn commit: r1855831 [27/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200203 svn commit: r1873527 [27/30] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

x_refsource_CONFIRM

[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-792) Upgrade to taglibs-standard-impl-1.2.3 due to CVE-2015-0254

mailing-list

x_refsource_MLIST

[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-792 Upgrade to taglibs-standard-impl-1.2.3 due to CVE-2015-0254

mailing-list

x_refsource_MLIST

[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-792) Upgrade to taglibs-standard-impl-1.2.3 due to CVE-2015-0254

mailing-list

x_refsource_MLIST

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

http://packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-0254

Description

Affected Products

References