what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2015-0254

Status Candidate

Overview

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

Related Files

Red Hat Security Advisory 2016-1841-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1841-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | d5681419a6bd02bb071fdd2545e78f0e7ac6d12b76097e714488542033b35ec4
Red Hat Security Advisory 2016-1838-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1838-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | 3ace371b69c47fd489bf50fd42c891b4bb793fd02c5997d831efa3694ee002a7
Red Hat Security Advisory 2016-1840-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1840-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.2.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | 009146da6ef83ea57c9580ff5b70c9c62c89f858234db94525dd921748291cc2
Red Hat Security Advisory 2016-1839-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1839-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | b7ce9425d2e37013c397ddf34049c19665b0c137375f62467d70bc149db5a7fb
Red Hat Security Advisory 2016-1376-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-0226, CVE-2015-0254, CVE-2015-3253, CVE-2016-2141, CVE-2016-2510
SHA-256 | bc0ba25e24a6861d8b1b621296d58137fc8a9bd92ad08063291c68432d9bd996
Red Hat Security Advisory 2016-0124-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0124-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution. It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 0c996c0fba242b595cac1172805fb25b49b7b9c2bb8994f01e45f521e90ae9b9
Red Hat Security Advisory 2016-0125-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0125-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 0b76cab1d6ad471e9367de6e67d73a10314bc0ebb63322f4a1d34d85e214d2ad
Red Hat Security Advisory 2016-0122-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0122-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 824f234c4b5a7d6ab8ff71baa01f4b3182164d1acb172a56c51807af5917631f
Red Hat Security Advisory 2016-0123-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0123-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | b0be4fadc47151a83fdc8cc609dc7999fd015cb202617b4e7284f0c105d4c76e
Red Hat Security Advisory 2016-0121-01
Posted Feb 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0121-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The following security issue is addressed with this release: It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 6a49c421651ed74730de510b63c6f28751fd3d66c18041a4b8b9ef9acc7e56a1
Red Hat Security Advisory 2015-1695-01
Posted Sep 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1695-01 - jakarta-taglibs-standard is the Java Standard Tag Library. This library is used in conjunction with Tomcat and Java Server Pages. It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution. Note: jakarta-taglibs-standard users may need to take additional steps after applying this update.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-0254
SHA-256 | 90496ca20e0ee4f0fa658654f45cba9d68e4cb670f6883b8b358ab061dc809a5
Ubuntu Security Notice USN-2551-1
Posted Mar 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2551-1 - David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0254
SHA-256 | 332e147796b76007a2eee0473067381a45d06b911cef8bd6a3122da5a3ae99eb
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close