
Test ID: 1.3.6.1.4.1.25623.1.0.702886
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-2886-1)
Summary: The remote host is missing an update for the Debian 'libxalan2-java' package(s) announced via the DSA-2886-1 advisory.
Description:

Vulnerability Insight:
Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.7.1-5+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in version 2.7.1-7+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 2.7.1-9.

We recommend that you upgrade your libxalan2-java packages.

Affected Software/OS:
'libxalan2-java' package(s) on Debian 6, Debian 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0107
BugTraq ID: 66397
http://www.securityfocus.com/bid/66397
http://svn.apache.org/viewvc?view=revision&revision=1581058
http://www-01.ibm.com/support/docview.wss?uid=swg21674334
http://www-01.ibm.com/support/docview.wss?uid=swg21676093
http://www-01.ibm.com/support/docview.wss?uid=swg21677145
http://www-01.ibm.com/support/docview.wss?uid=swg21680703
http://www-01.ibm.com/support/docview.wss?uid=swg21681933
http://www.ibm.com/support/docview.wss?uid=swg21677967
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
https://issues.apache.org/jira/browse/XALANJ-2435
https://www.tenable.com/security/tns-2018-15
Debian Security Information: DSA-2886
http://www.debian.org/security/2014/dsa-2886
https://security.gentoo.org/glsa/201604-02
http://www.ocert.org/advisories/ocert-2014-002.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2014:0348
http://rhn.redhat.com/errata/RHSA-2014-0348.html
RedHat Security Advisories: RHSA-2014:1351
http://rhn.redhat.com/errata/RHSA-2014-1351.html
RedHat Security Advisories: RHSA-2015:1888
http://rhn.redhat.com/errata/RHSA-2015-1888.html
http://www.securitytracker.com/id/1034711
http://www.securitytracker.com/id/1034716
http://secunia.com/advisories/57563
http://secunia.com/advisories/59036
http://secunia.com/advisories/59151
http://secunia.com/advisories/59247
http://secunia.com/advisories/59290
http://secunia.com/advisories/59291
http://secunia.com/advisories/59369
http://secunia.com/advisories/59515
http://secunia.com/advisories/59711
http://secunia.com/advisories/60502
XForce ISS Database: apache-xalanjava-cve20140107-sec-bypass(92023)
https://exchange.xforce.ibmcloud.com/vulnerabilities/92023
Copyright: Copyright (C) 2014 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.