Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability



Apache Standard Taglibs is prone to an XML External Entity injection vulnerability.



Attackers can exploit this issue to gain access to sensitive information or execute arbitrary code in the context of the affected application.



Versions prior to Apache Standard Taglibs 1.2.3 are vulnerable.

Information

Bugtraq ID: 72809
Class: Input Validation Error
CVE: CVE-2015-0254

Remote: Yes
Local: No
Published: Feb 27 2015 12:00AM
Updated: Jun 15 2017 08:03PM
Credit: David Jorm of IIX
Vulnerable: Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Oracle Enterprise Linux 7
openSUSE Linux Enterprise Server for Raspberry Pi 12-SP2
openSUSE Linux Enterprise Server 12-SP2
IBM WebSphere Application Server Liberty Profile 8.5.5
IBM Websphere Application Server 8.5.5
IBM Websphere Application Server 8.0 2
IBM Websphere Application Server 7.0 3
IBM Websphere Application Server 7.0 29
IBM Websphere Application Server 7.0 21
IBM Websphere Application Server 7.0 10
IBM Websphere Application Server 7.0 .9
IBM Websphere Application Server 7.0 .8
IBM Websphere Application Server 7.0 .2
IBM Websphere Application Server 7.0 .13
IBM Websphere Application Server 7.0 .12
IBM Websphere Application Server 7.0 .11
IBM Websphere Application Server 6.1 41
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .8
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .4
IBM Websphere Application Server 6.1 .33
IBM Websphere Application Server 6.1 .32
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .25
IBM Websphere Application Server 6.1 .23
IBM Websphere Application Server 6.1 .22
IBM Websphere Application Server 6.1 .21
IBM Websphere Application Server 6.1 .20
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .19
IBM Websphere Application Server 6.1 .18
IBM Websphere Application Server 6.1 .17
IBM Websphere Application Server 6.1 .15
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .13
IBM Websphere Application Server 6.1 .12
IBM Websphere Application Server 6.1 .11
IBM Websphere Application Server 6.1 .10
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 8.5.5.9 - Liberty Pr
IBM Websphere Application Server 8.5.5.9
IBM Websphere Application Server 8.5.5.8 - Liberty Pr
IBM Websphere Application Server 8.5.5.8
IBM Websphere Application Server 8.5.5.7 - Liberty Pr
IBM Websphere Application Server 8.5.5.7
IBM Websphere Application Server 8.5.5.6 - Liberty Pr
IBM Websphere Application Server 8.5.5.6
IBM Websphere Application Server 8.5.5.5 - Liberty Pr
IBM Websphere Application Server 8.5.5.5
IBM Websphere Application Server 8.5.5.4 - Liberty Pr
IBM Websphere Application Server 8.5.5.4
IBM Websphere Application Server 8.5.5.3 - ~~Liberty
IBM Websphere Application Server 8.5.5.3
IBM Websphere Application Server 8.5.5.2 - Liberty Pr
IBM Websphere Application Server 8.5.5.2
IBM Websphere Application Server 8.5.5.1 - Liberty Pr
IBM Websphere Application Server 8.5.5.1
IBM Websphere Application Server 8.5.5.0 - Liberty Pr
IBM Websphere Application Server 8.5.0.2 - Liberty Pr
IBM Websphere Application Server 8.5.0.2
IBM Websphere Application Server 8.5.0.1 - Liberty Pr
IBM Websphere Application Server 8.5.0.1
IBM Websphere Application Server 8.5.0.0 - Liberty Pr
IBM Websphere Application Server 8.5.0.0
IBM Websphere Application Server 8.0.0.9
IBM Websphere Application Server 8.0.0.8
IBM Websphere Application Server 8.0.0.7
IBM Websphere Application Server 8.0.0.6
IBM Websphere Application Server 8.0.0.5
IBM Websphere Application Server 8.0.0.4
IBM Websphere Application Server 8.0.0.3
IBM Websphere Application Server 8.0.0.12
IBM Websphere Application Server 8.0.0.11
IBM Websphere Application Server 8.0.0.10
IBM Websphere Application Server 8.0.0.1
IBM Websphere Application Server 8.0.0.0
IBM Websphere Application Server 7.0.0.7
IBM Websphere Application Server 7.0.0.6
IBM Websphere Application Server 7.0.0.5
IBM Websphere Application Server 7.0.0.41
IBM Websphere Application Server 7.0.0.4
IBM Websphere Application Server 7.0.0.39
IBM Websphere Application Server 7.0.0.37
IBM Websphere Application Server 7.0.0.35
IBM Websphere Application Server 7.0.0.34
IBM Websphere Application Server 7.0.0.33
IBM Websphere Application Server 7.0.0.32
IBM Websphere Application Server 7.0.0.31
IBM Websphere Application Server 7.0.0.27
IBM Websphere Application Server 7.0.0.25
IBM Websphere Application Server 7.0.0.24
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 7.0.0.22
IBM Websphere Application Server 7.0.0.19
IBM Websphere Application Server 7.0.0.18
IBM Websphere Application Server 7.0.0.17
IBM Websphere Application Server 7.0.0.16
IBM Websphere Application Server 7.0.0.15
IBM Websphere Application Server 7.0.0.14
IBM Websphere Application Server 7.0.0.1
IBM Websphere Application Server 7.0.0.0
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.1.0.47
IBM Websphere Application Server 6.1.0.45
IBM Websphere Application Server 6.1.0.43
IBM Websphere Application Server 6.1.0.39
IBM Websphere Application Server 6.1.0.37
IBM Websphere Application Server 6.1.0.35
IBM Websphere Application Server 6.1.0.34
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.1.0.29
IBM Websphere Application Server 6.1.0.27
IBM Tivoli Storage Productivity Center 5.2.10
IBM Tivoli Storage Productivity Center 5.2.6
IBM Tivoli Storage Productivity Center 5.2.5
IBM Tivoli Storage Productivity Center 5.2.2
IBM Tivoli Storage Productivity Center 5.2.1 0
IBM Tivoli Storage Productivity Center 5.2
IBM Tivoli Storage Productivity Center 5.1.1 3
IBM Tivoli Storage Productivity Center 5.1.1
IBM Tivoli Storage Productivity Center 5.1
IBM Tivoli Storage Productivity Center 5.2.7.1
IBM Tivoli Storage Productivity Center 5.2.7
IBM Tivoli Storage Productivity Center 5.2.5.1
IBM Tivoli Storage Productivity Center 5.2.4.1
IBM Tivoli Storage Productivity Center 5.2.4
IBM Tivoli Storage Productivity Center 5.2.3
IBM Tivoli Storage Productivity Center 5.2.1.1
IBM Tivoli Storage Productivity Center 5.1.1.9
IBM Tivoli Storage Productivity Center 5.1.1.8
IBM Tivoli Storage Productivity Center 5.1.1.7
IBM Tivoli Storage Productivity Center 5.1.1.6
IBM Tivoli Storage Productivity Center 5.1.1.5
IBM Tivoli Storage Productivity Center 5.1.1.4
IBM Tivoli Storage Productivity Center 5.1.1.2
IBM Tivoli Storage Productivity Center 5.1.1.10
IBM Tivoli Storage Productivity Center 5.1.1.1
IBM Tivoli Storage Productivity Center 5.1.1.0
IBM Tivoli Monitoring 6.2.2
IBM Tivoli Enterprise portal server -
IBM Spectrum Control 5.2.11
IBM Spectrum Control 5.2.10
IBM Spectrum Control 5.2.9
IBM Spectrum Control 5.2.8
IBM Spectrum Control 5.2.10.1
IBM Liberty for Java for Bluemix 2.9
IBM Liberty for Java for Bluemix 2.7
IBM Liberty for Java for Bluemix 2.6
IBM Liberty for Java for Bluemix 2.3
IBM InfoSphere Information Server 9.1
IBM InfoSphere Information Server 8.7
IBM InfoSphere Information Server 11.5
IBM InfoSphere Information Server 11.3
IBM Global Retention Policy and Schedule Management 6.0.2
IBM Global Retention Policy and Schedule Management 6.0.1 .6
IBM Global Retention Policy and Schedule Management 6.0.3.3
IBM Global Retention Policy and Schedule Management 6.0.3
IBM Global Retention Policy and Schedule Management 6.0.1.5
IBM Global Retention Policy and Schedule Management 6.0.1.4
IBM FastBack for Workstations Central Administration Console 7.1
IBM FastBack for Workstations Central Administration Console 6.3
IBM Disposal and Governance Management for IT 6.0.2
IBM Disposal and Governance Management for IT 6.0.1 .6
IBM Disposal and Governance Management for IT 6.0.3.3
IBM Disposal and Governance Management for IT 6.0.3
IBM Disposal and Governance Management for IT 6.0.1.5
IBM Disposal and Governance Management for IT 6.0.1.4
IBM Content Integrator 8.6
IBM Bluemix Liberty for Java 2.3
IBM Bluemix Liberty for Java 2.2
IBM Bluemix Liberty for Java 2.1
IBM Bluemix Liberty for Java 2.0
IBM Bluemix Liberty for Java 1.9
IBM Bluemix Liberty for Java 1.8
IBM Bluemix Liberty for Java 1.7
IBM Bluemix Liberty for Java 1.6
IBM Bluemix Liberty for Java 1.5
IBM Bluemix Liberty for Java 1.3
IBM Atlas eDiscovery Process Management 6.0.2
IBM Atlas eDiscovery Process Management 6.0.1 .6
IBM Atlas eDiscovery Process Management 6.0.3.3
IBM Atlas eDiscovery Process Management 6.0.3
IBM Atlas eDiscovery Process Management 6.0.1.5
IBM Atlas eDiscovery Process Management 6.0.1.4
CentOS CentOS 6
Apache Standard Taglibs 1.2.1


Not Vulnerable: IBM Websphere Application Server 8.5.5.10
IBM Websphere Application Server 8.0.0.13
IBM Websphere Application Server 7.0.0.43
Apache Standard Taglibs 1.2.3


Exploit


An attacker can exploit this issue using a web browser.


Related Posts