Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0119

Опубликовано: 31 мая 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия до 6.0.39 (включая)
cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05441
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2014-0119

ubuntu
около 11 лет назад

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

redhat логотип

CVE-2014-0119

redhat
около 11 лет назад

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

debian логотип

CVE-2014-0119

debian
около 11 лет назад

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ...

github логотип

GHSA-prc3-7f44-w48j

github
около 3 лет назад

Missing XML Validation in Apache Tomcat

oracle-oval логотип

ELSA-2014-1034

oracle-oval
почти 11 лет назад

ELSA-2014-1034: tomcat security update (LOW)

EPSS

Процентиль: 90%
0.05441
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264