Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-0096

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 31 мая 2014
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS2: 4.3

ОписаниС

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
artful

DNE

bionic

DNE

devel

DNE

esm-apps/xenial

not-affected

6.0.41-1
esm-infra-legacy/trusty

not-affected

6.0.39-1ubuntu0.1
lucid

released

6.0.24-2ubuntu1.16
precise

released

6.0.35-1ubuntu3.5
precise/esm

not-affected

6.0.35-1ubuntu3.5
saucy

ignored

end of life
trusty

released

6.0.39-1ubuntu0.1

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
artful

not-affected

7.0.53-1
bionic

not-affected

7.0.53-1
devel

not-affected

7.0.53-1
esm-apps/bionic

not-affected

7.0.53-1
esm-apps/xenial

not-affected

7.0.53-1
esm-infra-legacy/trusty

not-affected

7.0.52-1ubuntu0.1
lucid

DNE

precise

ignored

end of life
precise/esm

DNE

precise was needed
saucy

ignored

end of life

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
artful

not-affected

8.0.9-1
bionic

not-affected

8.0.9-1
devel

not-affected

8.0.9-1
esm-apps/bionic

not-affected

8.0.9-1
esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

8.0.9-1
lucid

DNE

precise

DNE

precise/esm

DNE

saucy

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 81%
0.01617
Низкий

4.3 Medium

CVSS2

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-0096

redhat
ΠΎΠΊΠΎΠ»ΠΎ 11 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-0096

nvd
ΠΎΠΊΠΎΠ»ΠΎ 11 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-0096

debian
ΠΎΠΊΠΎΠ»ΠΎ 11 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

java/org/apache/catalina/servlets/DefaultServlet.java in the default s ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-qprx-q2r7-3rx6

github
ΠΎΠΊΠΎΠ»ΠΎ 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Improper Input Validation in Apache Tomcat

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2015-00406

fstec
ΠΎΠΊΠΎΠ»ΠΎ 11 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ ΠΏΡ€ΠΎΠ³Ρ€Π°ΠΌΠΌΠ½ΠΎΠ³ΠΎ обСспСчСния Apache Tomcat, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ ΡƒΠ΄Π°Π»Π΅Π½Π½ΠΎΠΌΡƒ Π·Π»ΠΎΡƒΠΌΡ‹ΡˆΠ»Π΅Π½Π½ΠΈΠΊΡƒ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚ΡŒ ΠΊΠΎΠ½Ρ„ΠΈΠ΄Π΅Π½Ρ†ΠΈΠ°Π»ΡŒΠ½ΠΎΡΡ‚ΡŒ Π·Π°Ρ‰ΠΈΡ‰Π°Π΅ΠΌΠΎΠΉ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 81%
0.01617
Низкий

4.3 Medium

CVSS2

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2014-0096