James Perkins updated WFLY-6416:
--------------------------------
Security Sensitive Issue: This issue is security relevant
CVE-2015-0254: XXE and RCE via XSL extension in JSTL XML tags
--------------------------------------------------------------
Key: WFLY-6416
URL: https://issues.jboss.org/browse/WFLY-6416
Project: WildFly
Issue Type: Bug
Components: XML Frameworks
Affects Versions: 10.0.0.Final
Environment: Testing with OpenJDK 1.8.0_73
Reporter: Jason Shepherd
Assignee: Tomaz Cerar
Fix For: 10.1.0.CR1
When an application uses <x:parse> or <x:transform> tags to process untrusted
XML documents, a request may utilize external entity references to access resources on the
host system or utilize XSLT extensions that may allow remote execution.
Red Hat Flaw bug: https://bugzilla.redhat.com/show_bug.cgi?id=1198606