Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for jakarta-taglibs-standard RHSA-2015:1695-01
Summary:The remote host is missing an update for the 'jakarta-taglibs-standard'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'jakarta-taglibs-standard'
package(s) announced via the referenced advisory.

Vulnerability Insight:
jakarta-taglibs-standard is the Java Standard Tag Library (JSTL).
This library is used in conjunction with Tomcat and Java Server Pages

It was found that the Java Standard Tag Library (JSTL) allowed the
processing of untrusted XML documents to utilize external entity
references, which could access resources on the host system and,
potentially, allowing arbitrary code execution. (CVE-2015-0254)

Note: jakarta-taglibs-standard users may need to take additional steps
after applying this update. Detailed instructions on the additional steps
can be found at the linked references.

All jakarta-taglibs-standard users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

Affected Software/OS:
jakarta-taglibs-standard on Red Hat Enterprise Linux Server (v. 7)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-0254
BugTraq ID: 72809
Bugtraq: 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags (Google Search)
RedHat Security Advisories: RHSA-2015:1695
RedHat Security Advisories: RHSA-2016:1376
RedHat Security Advisories: RHSA-2016:1838
RedHat Security Advisories: RHSA-2016:1839
RedHat Security Advisories: RHSA-2016:1840
RedHat Security Advisories: RHSA-2016:1841
SuSE Security Announcement: openSUSE-SU-2015:1751 (Google Search)
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.