[jboss-jira] [JBoss JIRA] (WFLY-6416) CVE-2015-0254: XXE and RCE via XSL extension in JSTL XML tags
Jason Shepherd (JIRA)
issues at jboss.org
Mon Mar 21 22:50:00 EDT 2016
Jason Shepherd created WFLY-6416:
------------------------------------
Summary: CVE-2015-0254: XXE and RCE via XSL extension in JSTL XML tags
Key: WFLY-6416
URL: https://issues.jboss.org/browse/WFLY-6416
Project: WildFly
Issue Type: Bug
Components: XML Frameworks
Affects Versions: 10.0.0.Final
Environment: Testing with OpenJDK 1.8.0_73
Reporter: Jason Shepherd
Assignee: Jason Greene

When an application uses <x:parse> or <x:transform> tags to process untrusted XML documents, a request may utilize external entity references to access resources on the host system or utilize XSLT extensions that may allow remote execution.

Red Hat Flaw bug: https://bugzilla.redhat.com/show_bug.cgi?id=1198606
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)