Описание
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | xalan-j2 | Not affected | ||
| Red Hat Enterprise Virtualization 3 | jasperreports-server-pro | Not affected | ||
| Red Hat JBoss Data Grid 6 | xalan-j2 | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | xalan-j2 | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 4 | xalan-j2 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | amq-6.0 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-6.0 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-esb-7.1 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-mq-7.1 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | xalan-j2 | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not prop ...
EPSS
6.8 Medium
CVSS2