Description
ELSA-2014-0348: xalan-j2 security update (IMPORTANT)
[0:2.7.0-9.9]
- Add patch to fix remote code execution vulnerability
- Resolves: CVE-2014-0107
Updated packages
Oracle Linux 5
  Oracle Linux ia64
    xalan-j2            2.7.0-6jpp.2
    xalan-j2-demo       2.7.0-6jpp.2
    xalan-j2-javadoc    2.7.0-6jpp.2
    xalan-j2-manual     2.7.0-6jpp.2
    xalan-j2-xsltc      2.7.0-6jpp.2
  Oracle Linux x86_64
    xalan-j2            2.7.0-6jpp.2
    xalan-j2-demo       2.7.0-6jpp.2
    xalan-j2-javadoc    2.7.0-6jpp.2
    xalan-j2-manual     2.7.0-6jpp.2
    xalan-j2-xsltc      2.7.0-6jpp.2
  Oracle Linux i386
    xalan-j2            2.7.0-6jpp.2
    xalan-j2-demo       2.7.0-6jpp.2
    xalan-j2-javadoc    2.7.0-6jpp.2
    xalan-j2-manual     2.7.0-6jpp.2
    xalan-j2-xsltc      2.7.0-6jpp.2
Oracle Linux 6
  Oracle Linux x86_64
    xalan-j2            2.7.0-9.9.el6_5
    xalan-j2-demo       2.7.0-9.9.el6_5
    xalan-j2-javadoc    2.7.0-9.9.el6_5
    xalan-j2-manual     2.7.0-9.9.el6_5
    xalan-j2-xsltc      2.7.0-9.9.el6_5
  Oracle Linux i686
    xalan-j2            2.7.0-9.9.el6_5
    xalan-j2-demo       2.7.0-9.9.el6_5
    xalan-j2-javadoc    2.7.0-9.9.el6_5
    xalan-j2-manual     2.7.0-9.9.el6_5
    xalan-j2-xsltc      2.7.0-9.9.el6_5
  Oracle Linux sparc64
    xalan-j2            2.7.0-9.9.el6_5
    xalan-j2-demo       2.7.0-9.9.el6_5
    xalan-j2-javadoc    2.7.0-9.9.el6_5
    xalan-j2-manual     2.7.0-9.9.el6_5
    xalan-j2-xsltc      2.7.0-9.9.el6_5
Related CVEs
Related vulnerabilities
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.