First published: Wed Mar 04 2015
Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jakarta-taglibs-standard | <1.2.3 | 1.2.3 |
Apache Standard Taglibs | <=1.2.1 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
IBM Data Risk Manager | <=2.0.6 | |
CVE-2015-0254 is a vulnerability in Apache Standard Taglibs that allows remote attackers to execute arbitrary code or conduct XML External Entity Injection (XXE) attacks.
CVE-2015-0254 allows an attacker to execute arbitrary code on the system by exploiting an XXE error when processing XML data.
Apache Standard Taglibs versions up to and including 1.2.3 are affected by CVE-2015-0254.
CVE-2015-0254 has a severity rating of high.
To fix CVE-2015-0254, update Apache Standard Taglibs to version 1.2.3 or higher, or apply the patches provided by the vendor.