Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
References
Configurations
History
07 Nov 2023, 02:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-03-09 14:59
Updated : 2024-02-28 12:20
NVD link : CVE-2015-0254
Mitre link : CVE-2015-0254
CVE.ORG link : CVE-2015-0254
JSON object : View
Products Affected
apache
- standard_taglibs
canonical
- ubuntu_linux
CWE