CVE-2015-0254 - Java Standard Tag Library (JSTL) allows processing of untrusted XML documents

Solution Verified - Updated 2017-04-04T23:31:27+00:00 -

Issue

CVE-2015-0254 - Java Standard Tag Library (JSTL) allows processing of external entity references in untrusted XML documents
When an application uses JSTL tags to process untrusted XML documents, a request may utilize external entity references to access resources on the host system or utilize XSLT extensions that may allow remote execution.
Is my system vulnerable to CVE-2015-0254?

Environment

Red Hat JBoss Enterprise Application Platform (EAP) 7.x
Red Hat JBoss Enterprise Application Platform (EAP) 6.x
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Java 1.5 and later
jakarta-taglibs-standard library being used to process XML from untrusted sources.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2024 Red Hat, Inc.

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)