CVE-2015-0254 - Java Standard Tag Library (JSTL) allows processing of untrusted XML documents

Solution Verified - Updated -

Issue

  • CVE-2015-0254 - Java Standard Tag Library (JSTL) allows processing of external entity references in untrusted XML documents
  • When an application uses JSTL tags to process untrusted XML documents, a request can use external entity references to access resources on the host system, or use XSLT extensions that may allow remote code execution.
  • Is my system vulnerable to CVE-2015-0254?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 7.x
  • Red Hat JBoss Enterprise Application Platform (EAP) 6.x
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Java 1.5 and later
  • jakarta-taglibs-standard library being used to process XML from untrusted sources.
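
To help answer "Is my system vulnerable?", the following added example (not part of the original article and not Red Hat code) scans a web application source tree for JSP pages that bind the JSTL XML tag library and use its XML-parsing or XSLT tags, `<x:parse>` and `<x:transform>`. The function names, the file suffix list and the sample JSP are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# URIs under which the JSTL XML tag library is declared in a JSP.
XML_TAGLIB_URIS = {
    "http://java.sun.com/jsp/jstl/xml",  # JSTL 1.1 and 1.2
    "http://java.sun.com/jstl/xml",      # JSTL 1.0
    "http://java.sun.com/jstl/xml_rt",   # JSTL 1.0, request-time variant
}
JSP_SUFFIXES = {".jsp", ".jspx", ".jspf", ".tag", ".tagx"}  # assumed list
TAGLIB_DIRECTIVE = re.compile(r"<%@\s*taglib\b(.*?)%>", re.S)
ATTR = re.compile(r"""(\w+)\s*=\s*["']([^"']*)["']""")
XMLNS = re.compile(r"""xmlns:(\w+)\s*=\s*["']([^"']*)["']""")

# Constructed sample page, used only to demonstrate the scanner.
SAMPLE_JSP = '''<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/xml" prefix="x" %>
<x:parse doc="${param.xml}" var="doc" />
<x:out select="$doc/order/id" />
'''

def xml_taglib_prefixes(text):
    """Prefixes bound to the JSTL XML taglib (directive or xmlns form)."""
    prefixes = set()
    for body in TAGLIB_DIRECTIVE.findall(text):
        attrs = dict(ATTR.findall(body))
        if attrs.get("uri") in XML_TAGLIB_URIS and "prefix" in attrs:
            prefixes.add(attrs["prefix"])
    for prefix, uri in XMLNS.findall(text):  # JSP documents (.jspx, .tagx)
        if uri in XML_TAGLIB_URIS:
            prefixes.add(prefix)
    return prefixes

def find_xml_tag_uses(text):
    """Return sorted (line, tag) pairs for each parse/transform tag found."""
    hits = []
    for prefix in xml_taglib_prefixes(text):
        pattern = re.compile(r"<%s:(parse|transform)\b" % re.escape(prefix))
        for m in pattern.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, "%s:%s" % (prefix, m.group(1))))
    return sorted(hits)

def scan_tree(root):
    """Map each JSP-like file under root to the tag uses found in it."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in JSP_SUFFIXES:
            hits = find_xml_tag_uses(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report
```

A hit marks a page to review, not a confirmed vulnerability: exposure still depends on whether the XML handed to the tag comes from an untrusted source.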
