Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871440
Category:Red Hat Local Security Checks
Title:RedHat Update for jakarta-taglibs-standard RHSA-2015:1695-01
Summary:The remote host is missing an update for the 'jakarta-taglibs-standard'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'jakarta-taglibs-standard'
package(s) announced via the referenced advisory.

Vulnerability Insight:
jakarta-taglibs-standard is the Java Standard Tag Library (JSTL).
This library is used in conjunction with Tomcat and Java Server Pages
(JSP).

It was found that the Java Standard Tag Library (JSTL) allowed the
processing of untrusted XML documents to utilize external entity
references, which could access resources on the host system and,
potentially, allowing arbitrary code execution. (CVE-2015-0254)

Note: jakarta-taglibs-standard users may need to take additional steps
after applying this update. Detailed instructions on the additional steps
can be found at the linked references.

All jakarta-taglibs-standard users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

Affected Software/OS:
jakarta-taglibs-standard on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-0254
BugTraq ID: 72809
http://www.securityfocus.com/bid/72809
Bugtraq: 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags (Google Search)
http://www.securityfocus.com/archive/1/534772/100/0/threaded
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.apache.org/thread.html/rc1686f6196bb9063bf26577a21b8033c19c1a30e5a9159869c8f3d38@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r6c93d8ade3788dbc00f5a37238bc278e7d859f2446b885460783a16f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rf1179e6971bc46f0f68879a9a10cc97ad4424451b0889aeef04c8077@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/8a20e48acb2a40be5130df91cf9d39d8ad93181989413d4abcaa4914@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rfc2bfd99c340dafd501676693cd889c1f9f838b97bdd0776a8f5557d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E
http://mail-archives.apache.org/mod_mbox/tomcat-taglibs-user/201502.mbox/%3C82207A16-6348-4DEE-877E-F7B87292576A%40apache.org%3E
RedHat Security Advisories: RHSA-2015:1695
http://rhn.redhat.com/errata/RHSA-2015-1695.html
RedHat Security Advisories: RHSA-2016:1376
https://access.redhat.com/errata/RHSA-2016:1376
RedHat Security Advisories: RHSA-2016:1838
http://rhn.redhat.com/errata/RHSA-2016-1838.html
RedHat Security Advisories: RHSA-2016:1839
http://rhn.redhat.com/errata/RHSA-2016-1839.html
RedHat Security Advisories: RHSA-2016:1840
http://rhn.redhat.com/errata/RHSA-2016-1840.html
RedHat Security Advisories: RHSA-2016:1841
http://rhn.redhat.com/errata/RHSA-2016-1841.html
http://www.securitytracker.com/id/1034934
SuSE Security Announcement: openSUSE-SU-2015:1751 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-10/msg00033.html
http://www.ubuntu.com/usn/USN-2551-1
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.