CVE-2015-0254 - Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct ex

CVE-2015-0254

Summary

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

References

Vulnerable Configurations

cpe:2.3:a:apache:standard_taglibs:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:standard_taglibs:1.2.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2021 - 23:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1198606
title	CVE-2015-0254 jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment jakarta-taglibs-standard is earlier than 0:1.1.1-11.7.el6_7
oval oval:com.redhat.rhsa:tst:20151695001
comment jakarta-taglibs-standard is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151695002

AND

comment jakarta-taglibs-standard-javadoc is earlier than 0:1.1.1-11.7.el6_7
oval oval:com.redhat.rhsa:tst:20151695003
comment jakarta-taglibs-standard-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151695004

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment jakarta-taglibs-standard is earlier than 0:1.1.2-14.el7_1
oval oval:com.redhat.rhsa:tst:20151695006
comment jakarta-taglibs-standard is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151695002

AND

comment jakarta-taglibs-standard-javadoc is earlier than 0:1.1.2-14.el7_1
oval oval:com.redhat.rhsa:tst:20151695007
comment jakarta-taglibs-standard-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151695004

rhsa

id	RHSA-2015:1695
released	2015-08-31
severity	Important
title	RHSA-2015:1695: jakarta-taglibs-standard security update (Important)

rhsa
id RHSA-2016:1376
rhsa
id RHSA-2016:1838
rhsa
id RHSA-2016:1839
rhsa
id RHSA-2016:1840
rhsa
id RHSA-2016:1841

rpms

jakarta-taglibs-standard-0:1.1.1-11.7.el6_7
jakarta-taglibs-standard-0:1.1.2-14.ael7b_1
jakarta-taglibs-standard-0:1.1.2-14.el7_1
jakarta-taglibs-standard-javadoc-0:1.1.1-11.7.el6_7
jakarta-taglibs-standard-javadoc-0:1.1.2-14.ael7b_1
jakarta-taglibs-standard-javadoc-0:1.1.2-14.el7_1
apache-cxf-0:2.7.18-1.redhat_1.1.ep6.el5
hibernate4-core-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el5
hibernate4-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el5
hibernate4-entitymanager-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el5
hibernate4-envers-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el5
hibernate4-infinispan-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el5
hibernate4-validator-0:4.3.2-3.Final_redhat_3.1.ep6.el5
hornetq-0:2.3.25-10.SP8_redhat_1.1.ep6.el5
httpserver-0:1.0.6-1.Final_redhat_1.1.ep6.el5
infinispan-0:5.2.17-1.Final_redhat_1.1.ep6.el5
infinispan-cachestore-jdbc-0:5.2.17-1.Final_redhat_1.1.ep6.el5
infinispan-cachestore-remote-0:5.2.17-1.Final_redhat_1.1.ep6.el5
infinispan-client-hotrod-0:5.2.17-1.Final_redhat_1.1.ep6.el5
infinispan-core-0:5.2.17-1.Final_redhat_1.1.ep6.el5
ironjacamar-common-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-common-impl-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-common-spi-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-core-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-core-impl-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-deployers-common-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-jdbc-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-spec-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
ironjacamar-validator-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el5
jboss-as-appclient-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-cli-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-client-all-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-clustering-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-cmp-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-configadmin-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-connector-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-controller-client-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-core-security-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-deployment-repository-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-deployment-scanner-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-domain-http-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-domain-management-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-ee-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-ee-deployment-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-ejb3-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-embedded-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-host-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jacorb-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jaxr-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jaxrs-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jdr-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jmx-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jpa-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jsf-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-jsr77-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-logging-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-mail-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-management-client-content-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-messaging-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-modcluster-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-naming-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-network-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-osgi-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-osgi-configadmin-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-osgi-service-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-picketlink-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-platform-mbean-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-pojo-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-process-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-protocol-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-remoting-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-sar-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-security-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-server-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-system-jmx-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-threads-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-transactions-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-version-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-web-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-webservices-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-weld-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-as-xts-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jboss-jstl-api_1.2_spec-0:1.0.9-1.Final_redhat_1.1.ep6.el5
jboss-remote-naming-0:1.0.12-1.Final_redhat_1.1.ep6.el5
jboss-remoting3-0:3.3.7-1.Final_redhat_1.1.ep6.el5
jbossas-appclient-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossas-bundles-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossas-core-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossas-domain-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossas-javadocs-0:7.5.6-2.Final_redhat_2.1.ep6.el5
jbossas-modules-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossas-product-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossas-standalone-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossas-welcome-content-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el5
jbossws-cxf-0:4.3.6-1.Final_redhat_1.1.ep6.el5
jgroups-1:3.2.15-1.Final_redhat_1.1.ep6.el5
wss4j-0:1.6.19-3.redhat_2.1.ep6.el5
xml-security-0:1.5.8-1.redhat_1.1.ep6.el5
apache-cxf-0:2.7.18-1.redhat_1.1.ep6.el6
hibernate4-core-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el6
hibernate4-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el6
hibernate4-entitymanager-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el6
hibernate4-envers-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el6
hibernate4-infinispan-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el6
hibernate4-validator-0:4.3.2-3.Final_redhat_3.1.ep6.el6
hornetq-0:2.3.25-10.SP8_redhat_1.1.ep6.el6
httpserver-0:1.0.6-1.Final_redhat_1.1.ep6.el6
infinispan-0:5.2.17-1.Final_redhat_1.1.ep6.el6
infinispan-cachestore-jdbc-0:5.2.17-1.Final_redhat_1.1.ep6.el6
infinispan-cachestore-remote-0:5.2.17-1.Final_redhat_1.1.ep6.el6
infinispan-client-hotrod-0:5.2.17-1.Final_redhat_1.1.ep6.el6
infinispan-core-0:5.2.17-1.Final_redhat_1.1.ep6.el6
ironjacamar-common-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-common-impl-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-common-spi-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-core-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-core-impl-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-deployers-common-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-jdbc-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-spec-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
ironjacamar-validator-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el6
jboss-as-appclient-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-cli-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-client-all-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-clustering-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-cmp-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-configadmin-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-connector-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-controller-client-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-core-security-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-deployment-repository-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-deployment-scanner-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-domain-http-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-domain-management-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-ee-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-ee-deployment-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-ejb3-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-embedded-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-host-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jacorb-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jaxr-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jaxrs-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jdr-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jmx-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jpa-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jsf-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-jsr77-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-logging-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-mail-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-management-client-content-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-messaging-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-modcluster-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-naming-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-network-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-osgi-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-osgi-configadmin-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-osgi-service-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-picketlink-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-platform-mbean-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-pojo-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-process-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-protocol-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-remoting-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-sar-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-security-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-server-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-system-jmx-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-threads-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-transactions-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-version-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-web-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-webservices-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-weld-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-as-xts-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jboss-jstl-api_1.2_spec-0:1.0.9-1.Final_redhat_1.1.ep6.el6
jboss-remote-naming-0:1.0.12-1.Final_redhat_1.1.ep6.el6
jboss-remoting3-0:3.3.7-1.Final_redhat_1.1.ep6.el6
jbossas-appclient-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossas-bundles-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossas-core-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossas-domain-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossas-javadocs-0:7.5.6-2.Final_redhat_2.1.ep6.el6
jbossas-modules-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossas-product-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossas-standalone-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossas-welcome-content-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el6
jbossws-cxf-0:4.3.6-1.Final_redhat_1.1.ep6.el6
jgroups-1:3.2.15-1.Final_redhat_1.1.ep6.el6
wss4j-0:1.6.19-3.redhat_2.1.ep6.el6
xml-security-0:1.5.8-1.redhat_1.1.ep6.el6
apache-cxf-0:2.7.18-1.redhat_1.1.ep6.el7
hibernate4-core-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el7
hibernate4-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el7
hibernate4-entitymanager-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el7
hibernate4-envers-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el7
hibernate4-infinispan-eap6-0:4.2.22-1.Final_redhat_1.1.ep6.el7
hibernate4-validator-0:4.3.2-3.Final_redhat_3.1.ep6.el7
hornetq-0:2.3.25-10.SP8_redhat_1.1.ep6.el7
httpserver-0:1.0.6-1.Final_redhat_1.1.ep6.el7
infinispan-0:5.2.17-1.Final_redhat_1.1.ep6.el7
infinispan-cachestore-jdbc-0:5.2.17-1.Final_redhat_1.1.ep6.el7
infinispan-cachestore-remote-0:5.2.17-1.Final_redhat_1.1.ep6.el7
infinispan-client-hotrod-0:5.2.17-1.Final_redhat_1.1.ep6.el7
infinispan-core-0:5.2.17-1.Final_redhat_1.1.ep6.el7
ironjacamar-common-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-common-impl-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-common-spi-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-core-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-core-impl-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-deployers-common-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-jdbc-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-spec-api-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
ironjacamar-validator-eap6-0:1.0.35-1.Final_redhat_1.1.ep6.el7
jboss-as-appclient-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-cli-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-client-all-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-clustering-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-cmp-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-configadmin-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-connector-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-controller-client-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-core-security-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-deployment-repository-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-deployment-scanner-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-domain-http-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-domain-management-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-ee-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-ee-deployment-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-ejb3-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-embedded-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-host-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jacorb-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jaxr-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jaxrs-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jdr-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jmx-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jpa-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jsf-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-jsr77-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-logging-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-mail-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-management-client-content-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-messaging-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-modcluster-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-naming-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-network-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-osgi-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-osgi-configadmin-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-osgi-service-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-picketlink-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-platform-mbean-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-pojo-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-process-controller-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-protocol-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-remoting-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-sar-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-security-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-server-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-system-jmx-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-threads-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-transactions-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-version-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-web-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-webservices-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-weld-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-as-xts-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jboss-jstl-api_1.2_spec-0:1.0.9-1.Final_redhat_1.1.ep6.el7
jboss-remote-naming-0:1.0.12-1.Final_redhat_1.1.ep6.el7
jboss-remoting3-0:3.3.7-1.Final_redhat_1.1.ep6.el7
jbossas-appclient-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossas-bundles-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossas-core-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossas-domain-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossas-javadocs-0:7.5.6-2.Final_redhat_2.1.ep6.el7
jbossas-modules-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossas-product-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossas-standalone-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossas-welcome-content-eap-0:7.5.6-1.Final_redhat_2.1.ep6.el7
jbossws-cxf-0:4.3.6-1.Final_redhat_1.1.ep6.el7
jgroups-1:3.2.15-1.Final_redhat_1.1.ep6.el7
wss4j-0:1.6.19-3.redhat_2.1.ep6.el7
xml-security-0:1.5.8-1.redhat_1.1.ep6.el7
jboss-ec2-eap-0:7.5.6-1.Final_redhat_1.ep6.el6
jboss-ec2-eap-samples-0:7.5.6-1.Final_redhat_1.ep6.el6
eap7-activemq-artemis-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-cli-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-commons-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-core-client-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-dto-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-hornetq-protocol-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-hqclient-protocol-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-jms-client-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-jms-server-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-journal-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-native-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-ra-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-selector-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-server-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-activemq-artemis-service-extensions-0:1.1.0-15.SP18_redhat_1.1.ep7.el6
eap7-apache-cxf-0:3.1.6-1.redhat_1.1.ep7.el6
eap7-apache-cxf-rt-0:3.1.6-1.redhat_1.1.ep7.el6
eap7-apache-cxf-services-0:3.1.6-1.redhat_1.1.ep7.el6
eap7-apache-cxf-tools-0:3.1.6-1.redhat_1.1.ep7.el6
eap7-jberet-0:1.2.1-1.Final_redhat_1.1.ep7.el6
eap7-jberet-core-0:1.2.1-1.Final_redhat_1.1.ep7.el6
eap7-jboss-jstl-api_1.2_spec-0:1.1.3-1.Final_redhat_1.1.ep7.el6
eap7-jboss-security-negotiation-0:3.0.3-1.Final_redhat_1.1.ep7.el6
eap7-jbossws-common-0:3.1.3-1.Final_redhat_1.1.ep7.el6
eap7-jbossws-cxf-0:5.1.5-1.Final_redhat_1.1.ep7.el6
eap7-jbossws-spi-0:3.1.2-1.Final_redhat_1.1.ep7.el6
eap7-jgroups-0:3.6.10-1.Final_redhat_1.1.ep7.el6
eap7-mod_cluster-0:1.3.3-1.Final_redhat_1.1.ep7.el6
eap7-picketbox-0:4.9.7-1.Final_redhat_1.1.ep7.el6
eap7-picketbox-infinispan-0:4.9.7-1.Final_redhat_1.1.ep7.el6
eap7-picketlink-api-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-bindings-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-common-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-config-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-federation-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-idm-api-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-idm-impl-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-idm-simple-schema-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-impl-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-wildfly8-0:2.5.5-3.SP3_redhat_1.1.ep7.el6
eap7-resteasy-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-async-http-servlet-3.0-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-atom-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-cdi-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-client-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-crypto-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-jackson-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-jackson2-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-jaxb-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-jaxrs-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-jettison-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-jose-jwt-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-jsapi-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-json-p-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-multipart-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-spring-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-validator-provider-11-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-yaml-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el6
eap7-undertow-0:1.3.24-1.Final_redhat_1.1.ep7.el6
eap7-wildfly-0:7.0.2-2.GA_redhat_1.1.ep7.el6
eap7-wildfly-javadocs-0:7.0.2-1.GA_redhat_1.1.ep7.el6
eap7-wildfly-modules-0:7.0.2-2.GA_redhat_1.1.ep7.el6
eap7-wildfly-web-console-eap-0:2.8.27-1.Final_redhat_1.1.ep7.el6
eap7-wss4j-0:2.1.5-1.redhat_1.1.ep7.el6
eap7-wss4j-bindings-0:2.1.5-1.redhat_1.1.ep7.el6
eap7-wss4j-policy-0:2.1.5-1.redhat_1.1.ep7.el6
eap7-wss4j-ws-security-common-0:2.1.5-1.redhat_1.1.ep7.el6
eap7-wss4j-ws-security-dom-0:2.1.5-1.redhat_1.1.ep7.el6
eap7-wss4j-ws-security-policy-stax-0:2.1.5-1.redhat_1.1.ep7.el6
eap7-wss4j-ws-security-stax-0:2.1.5-1.redhat_1.1.ep7.el6
eap7-xalan-j2-0:2.7.1-25.redhat_11.1.ep7.el6
eap7-xml-security-0:2.0.6-1.redhat_1.1.ep7.el6
eap7-activemq-artemis-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-cli-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-commons-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-core-client-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-dto-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-hornetq-protocol-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-hqclient-protocol-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-jms-client-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-jms-server-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-journal-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-native-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-ra-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-selector-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-server-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-activemq-artemis-service-extensions-0:1.1.0-15.SP18_redhat_1.1.ep7.el7
eap7-apache-cxf-0:3.1.6-1.redhat_1.1.ep7.el7
eap7-apache-cxf-rt-0:3.1.6-1.redhat_1.1.ep7.el7
eap7-apache-cxf-services-0:3.1.6-1.redhat_1.1.ep7.el7
eap7-apache-cxf-tools-0:3.1.6-1.redhat_1.1.ep7.el7
eap7-jberet-0:1.2.1-1.Final_redhat_1.1.ep7.el7
eap7-jberet-core-0:1.2.1-1.Final_redhat_1.1.ep7.el7
eap7-jboss-jstl-api_1.2_spec-0:1.1.3-1.Final_redhat_1.1.ep7.el7
eap7-jboss-security-negotiation-0:3.0.3-1.Final_redhat_1.1.ep7.el7
eap7-jbossws-common-0:3.1.3-1.Final_redhat_1.1.ep7.el7
eap7-jbossws-cxf-0:5.1.5-1.Final_redhat_1.1.ep7.el7
eap7-jbossws-spi-0:3.1.2-1.Final_redhat_1.1.ep7.el7
eap7-jgroups-0:3.6.10-1.Final_redhat_1.1.ep7.el7
eap7-mod_cluster-0:1.3.3-1.Final_redhat_1.1.ep7.el7
eap7-picketbox-0:4.9.7-1.Final_redhat_1.1.ep7.el7
eap7-picketbox-infinispan-0:4.9.7-1.Final_redhat_1.1.ep7.el7
eap7-picketlink-api-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-bindings-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-common-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-config-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-federation-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-idm-api-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-idm-impl-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-idm-simple-schema-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-impl-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-wildfly8-0:2.5.5-3.SP3_redhat_1.1.ep7.el7
eap7-resteasy-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-async-http-servlet-3.0-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-atom-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-cdi-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-client-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-crypto-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-jackson-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-jackson2-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-jaxb-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-jaxrs-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-jettison-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-jose-jwt-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-jsapi-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-json-p-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-multipart-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-spring-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-validator-provider-11-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-yaml-provider-0:3.0.18-1.Final_redhat_1.1.ep7.el7
eap7-undertow-0:1.3.24-1.Final_redhat_1.1.ep7.el7
eap7-wildfly-0:7.0.2-2.GA_redhat_1.1.ep7.el7
eap7-wildfly-javadocs-0:7.0.2-1.GA_redhat_1.1.ep7.el7
eap7-wildfly-modules-0:7.0.2-2.GA_redhat_1.1.ep7.el7
eap7-wildfly-web-console-eap-0:2.8.27-1.Final_redhat_1.1.ep7.el7
eap7-wss4j-0:2.1.5-1.redhat_1.1.ep7.el7
eap7-wss4j-bindings-0:2.1.5-1.redhat_1.1.ep7.el7
eap7-wss4j-policy-0:2.1.5-1.redhat_1.1.ep7.el7
eap7-wss4j-ws-security-common-0:2.1.5-1.redhat_1.1.ep7.el7
eap7-wss4j-ws-security-dom-0:2.1.5-1.redhat_1.1.ep7.el7
eap7-wss4j-ws-security-policy-stax-0:2.1.5-1.redhat_1.1.ep7.el7
eap7-wss4j-ws-security-stax-0:2.1.5-1.redhat_1.1.ep7.el7
eap7-xalan-j2-0:2.7.1-25.redhat_11.1.ep7.el7
eap7-xml-security-0:2.0.6-1.redhat_1.1.ep7.el7
eap7-jboss-ec2-eap-0:7.0.2-2.GA_redhat_1.ep7.el6
eap7-jboss-ec2-eap-0:7.0.2-2.GA_redhat_1.ep7.el7
eap7-jboss-ec2-eap-samples-0:7.0.2-2.GA_redhat_1.ep7.el6
eap7-jboss-ec2-eap-samples-0:7.0.2-2.GA_redhat_1.ep7.el7

refmap via4

bid	72809
bugtraq	20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
confirm	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
misc	http://packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.html https://www.oracle.com/security-alerts/cpuapr2020.html
mlist	[tomcat-dev] 20190319 svn commit: r1855831 [27/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ [tomcat-dev] 20200203 svn commit: r1873527 [27/30] - /tomcat/site/trunk/docs/ [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ [tomcat-taglibs-user] 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
sectrack	1034934
suse	openSUSE-SU-2015:1751
ubuntu	USN-2551-1

Last major update

20-07-2021 - 23:15

Published

09-03-2015 - 14:59

Last modified

20-07-2021 - 23:15