CVE-2015-0254 – taglibs:standard

Package

Manager: maven
Name: taglibs:standard
Vulnerable Version: >=0 <1.2.2

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a <x:parse> or <x:transform> JSTL XML tag

Metadata

Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-94"]
Alternative ID: N/A
Finding: F083
Auto approve: 1