what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2015-0254

Status Candidate

Overview

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

Related Files

Red Hat Security Advisory 2016-1841-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1841-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | d5681419a6bd02bb071fdd2545e78f0e7ac6d12b76097e714488542033b35ec4
Red Hat Security Advisory 2016-1838-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1838-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | 3ace371b69c47fd489bf50fd42c891b4bb793fd02c5997d831efa3694ee002a7
Red Hat Security Advisory 2016-1840-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1840-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.2.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | 009146da6ef83ea57c9580ff5b70c9c62c89f858234db94525dd921748291cc2
Red Hat Security Advisory 2016-1839-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1839-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | b7ce9425d2e37013c397ddf34049c19665b0c137375f62467d70bc149db5a7fb
Red Hat Security Advisory 2016-1376-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-0226, CVE-2015-0254, CVE-2015-3253, CVE-2016-2141, CVE-2016-2510
SHA-256 | bc0ba25e24a6861d8b1b621296d58137fc8a9bd92ad08063291c68432d9bd996
Red Hat Security Advisory 2016-0124-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0124-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution. It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 0c996c0fba242b595cac1172805fb25b49b7b9c2bb8994f01e45f521e90ae9b9
Red Hat Security Advisory 2016-0125-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0125-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 0b76cab1d6ad471e9367de6e67d73a10314bc0ebb63322f4a1d34d85e214d2ad
Red Hat Security Advisory 2016-0122-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0122-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 824f234c4b5a7d6ab8ff71baa01f4b3182164d1acb172a56c51807af5917631f
Red Hat Security Advisory 2016-0123-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0123-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | b0be4fadc47151a83fdc8cc609dc7999fd015cb202617b4e7284f0c105d4c76e
Red Hat Security Advisory 2016-0121-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0121-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 6a49c421651ed74730de510b63c6f28751fd3d66c18041a4b8b9ef9acc7e56a1
Red Hat Security Advisory 2015-1695-01
Posted Sep 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1695-01 - jakarta-taglibs-standard is the Java Standard Tag Library. This library is used in conjunction with Tomcat and Java Server Pages. It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution. Note: jakarta-taglibs-standard users may need to take additional steps after applying this update.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 90496ca20e0ee4f0fa658654f45cba9d68e4cb670f6883b8b358ab061dc809a5
Ubuntu Security Notice USN-2551-1
Posted Mar 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2551-1 - David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0254
SHA-256 | 332e147796b76007a2eee0473067381a45d06b911cef8bd6a3122da5a3ae99eb
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close