ID de Prueba:	1.3.6.1.4.1.25623.1.0.120214
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-325)
Resumen:	The remote host is missing an update for the 'xalan-j2' package(s) announced via the ALAS-2014-325 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xalan-j2' package(s) announced via the ALAS-2014-325 advisory. Vulnerability Insight: It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107) Affected Software/OS: 'xalan-j2' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0107 BugTraq ID: 66397 http://www.securityfocus.com/bid/66397 http://svn.apache.org/viewvc?view=revision&revision=1581058 http://www-01.ibm.com/support/docview.wss?uid=swg21674334 http://www-01.ibm.com/support/docview.wss?uid=swg21676093 http://www-01.ibm.com/support/docview.wss?uid=swg21677145 http://www-01.ibm.com/support/docview.wss?uid=swg21680703 http://www-01.ibm.com/support/docview.wss?uid=swg21681933 http://www.ibm.com/support/docview.wss?uid=swg21677967 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 https://issues.apache.org/jira/browse/XALANJ-2435 https://www.tenable.com/security/tns-2018-15 Debian Security Information: DSA-2886 (Google Search) http://www.debian.org/security/2014/dsa-2886 https://security.gentoo.org/glsa/201604-02 http://www.ocert.org/advisories/ocert-2014-002.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2014:0348 http://rhn.redhat.com/errata/RHSA-2014-0348.html RedHat Security Advisories: RHSA-2014:1351 http://rhn.redhat.com/errata/RHSA-2014-1351.html RedHat Security Advisories: RHSA-2015:1888 http://rhn.redhat.com/errata/RHSA-2015-1888.html http://www.securitytracker.com/id/1034711 http://www.securitytracker.com/id/1034716 http://secunia.com/advisories/57563 http://secunia.com/advisories/59036 http://secunia.com/advisories/59151 http://secunia.com/advisories/59247 http://secunia.com/advisories/59290 http://secunia.com/advisories/59291 http://secunia.com/advisories/59369 http://secunia.com/advisories/59515 http://secunia.com/advisories/59711 http://secunia.com/advisories/60502 XForce ISS Database: apache-xalanjava-cve20140107-sec-bypass(92023) https://exchange.xforce.ibmcloud.com/vulnerabilities/92023
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.