CVE-2015-0254 - Java Standard Tag Library (JSTL) allows processing of untrusted XML documents
Issue
- CVE-2015-0254 - Java Standard Tag Library (JSTL) allows processing of external entity references in untrusted XML documents
- When an application uses JSTL tags to process untrusted XML documents, a request may utilize external entity references to access resources on the host system or utilize XSLT extensions that may allow remote execution.
- Is my system vulnerable to CVE-2015-0254?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP) 7.x
- Red Hat JBoss Enterprise Application Platform (EAP) 6.x
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Java 1.5 and later
jakarta-taglibs-standardlibrary being used to process XML from untrusted sources.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
