CVE-2015-0254

CVSS v2.0 7.5 (High)

EPSS 7.09 % (94^th)

Affected Products 2

Advisories 7

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2015-03-09 14:59:04
(9 years ago)
Updated Date: 2023-11-07 02:23:21
(10 months ago)

Affected Products

Apache

Standard Taglibs

Canonical

Ubuntu Linux

Configuration #1

		CPE23	From	Up To
	Apache Standard Taglibs 1.2.1 and prior versions	cpe:2.3:a:apache:standard_taglibs		<= 1.2.1

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10