[jboss-jira] [JBoss JIRA] (WFLY-6416) CVE-2015-0254: XXE and RCE via XSL extension in JSTL XML tags

Wednesday, 13 July 2016

     [
https://issues.jboss.org/browse/WFLY-6416?page=com.atlassian.jira.plugin....
]

Tomaz Cerar reassigned WFLY-6416:
---------------------------------

    Assignee: Tomaz Cerar  (was: Jason Greene)

...
 CVE-2015-0254: XXE and RCE via XSL extension in JSTL XML tags 
 --------------------------------------------------------------

                 Key: WFLY-6416
                 URL: https://issues.jboss.org/browse/WFLY-6416
             Project: WildFly
          Issue Type: Bug
          Components: XML Frameworks
    Affects Versions: 10.0.0.Final
         Environment: Testing with OpenJDK 1.8.0_73
            Reporter: Jason Shepherd
            Assignee: Tomaz Cerar

 When an application uses <x:parse> or <x:transform> tags to process untrusted
XML documents, a request may utilize external entity references to access resources on the
host system or utilize XSLT extensions that may allow remote execution.
 Red Hat Flaw bug: https://bugzilla.redhat.com/show_bug.cgi?id=1198606 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] (WFLY-6416) CVE-2015-0254: XXE and RCE via XSL extension in JSTL XML tags