CVE-2015-0254
Summary
| CVE | CVE-2015-0254 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-09 14:59:00 UTC |
| Updated | 2023-11-07 02:23:00 UTC |
| Description | Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) `<x:parse>` or (2) `<x:transform>` JSTL XML tag. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Standard Taglibs | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.10 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-792 Upgrade to taglibs-standard-impl-1.2.3 due to CVE-2015-0254 | | lists.apache.org | |
| Apache Mail Archives | | lists.apache.org | |
| [portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-792) Upgrade to taglibs-standard-impl-1.2.3 due to CVE-2015-0254 | | lists.apache.org | |
| Red Hat JBoss XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Pony Mail! | | lists.apache.org | |
| USN-2551-1: Apache Standard Taglibs vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| openSUSE-SU-2015:1751-1: moderate: Security update for jakarta-taglibs-s | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Oracle Critical Patch Update Advisory - July 2021 | N/A | www.oracle.com | |
| [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags | MLIST | mail-archives.apache.org | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| [portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-792) Upgrade to taglibs-standard-impl-1.2.3 due to CVE-2015-0254 | | lists.apache.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | REDHAT | access.redhat.com | |
| Oracle Critical Patch Update - July 2017 | CONFIRM | www.oracle.com | |
| Pony Mail! | | lists.apache.org | |
| Apache Mail Archives | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | | lists.apache.org | |
| Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.