Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2015-03-09T14:00:00
Updated: 2021-07-20T22:52:59
Reserved: 2014-11-18T00:00:00
Link: CVE-2015-0254
JSON object: View
NVD Information
Status : Modified
Published: 2015-03-09T14:59:04.263
Modified: 2023-11-07T02:23:21.340
Link: CVE-2015-0254
JSON object: View
Redhat Information
No data.
CWE