Bug 1080248 (CVE-2014-0107, oCERT-2014-002)
| Summary: | CVE-2014-0107 Xalan-Java: insufficient constraints in secure processing feature | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | David Jorm <djorm> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | chazlett, grocha, mjc, weli |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | xalan-j2 2.7.2 | Doc Type: | Bug Fix |
| Doc Text: |
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:32:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1081304, 1081305, 1081306, 1081307, 1081308, 1081309, 1081310, 1081311, 1081312, 1081313, 1081314, 1081315, 1081316, 1081317, 1081318, 1081319, 1081320, 1081321, 1081322, 1083425, 1124701, 1130978, 1139883 | ||
| Bug Blocks: | 1059445, 1080337, 1082921, 1082938, 1085570, 1097460, 1110978, 1113315, 1114455, 1125720, 1127913, 1141957, 1145284, 1159080, 1244362 | ||
|
Description
David Jorm
2014-03-25 03:12:16 UTC
Upstream bug: https://issues.apache.org/jira/browse/XALANJ-2435 Upstream patch commit: http://svn.apache.org/viewvc?view=revision&revision=1581058 External References: http://www.ocert.org/advisories/ocert-2014-002.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2014:0348 https://rhn.redhat.com/errata/RHSA-2014-0348.html xalan-j2-2.7.1-22.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. xalan-j2-2.7.1-22.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat JBoss Enterprise Application Platform 6.2.2 Via RHSA-2014:0454 https://rhn.redhat.com/errata/RHSA-2014-0454.html This issue has been addressed in following products: JBEAP 6.2 for RHEL 5 JBEAP 6.2 for RHEL 6 Via RHSA-2014:0453 https://rhn.redhat.com/errata/RHSA-2014-0453.html This issue has been addressed in following products: JBEAP 5 for RHEL 5 JBEAP 5 for RHEL 6 JBEAP 5 for RHEL 4 Via RHSA-2014:0591 https://rhn.redhat.com/errata/RHSA-2014-0591.html This issue has been addressed in following products: JBoss Enterprise Application Platform 5.2.0 Via RHSA-2014:0590 https://rhn.redhat.com/errata/RHSA-2014-0590.html This issue has been addressed in following products: JBoss BPM Suite 6.0.2 Via RHSA-2014:0819 https://rhn.redhat.com/errata/RHSA-2014-0819.html This issue has been addressed in following products: JBoss BRMS 6.0.2 Via RHSA-2014:0818 https://rhn.redhat.com/errata/RHSA-2014-0818.html This issue has been addressed in following products: Red Hat JBoss BRMS 5.3.1 Via RHSA-2014:1007 https://rhn.redhat.com/errata/RHSA-2014-1007.html IssueDescription: It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. This issue has been addressed in following products: JBoss Enterprise Portal Platform 5.2.2 Via RHSA-2014:1059 https://rhn.redhat.com/errata/RHSA-2014-1059.html This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.0.3 Via RHSA-2014:1291 https://rhn.redhat.com/errata/RHSA-2014-1291.html This issue has been addressed in the following products: Red Hat JBoss BRMS 6.0.3 Via RHSA-2014:1290 https://rhn.redhat.com/errata/RHSA-2014-1290.html This issue has been addressed in the following products: Red Hat JBoss Fuse/A-MQ 6.1.0 Via RHSA-2014:1351 https://rhn.redhat.com/errata/RHSA-2014-1351.html This issue has been addressed in the following products: Fuse ESB Enterprise 7.1.0 Fuse MQ Enterprise 7.1.0 Via RHSA-2014:1369 https://rhn.redhat.com/errata/RHSA-2014-1369.html This issue has been addressed in the following products: JBoss Fuse Service Works 6.0.0 Via RHSA-2014:1995 https://rhn.redhat.com/errata/RHSA-2014-1995.html This issue has been addressed in the following products: JBoss Portal 6.2.0 Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html This issue has been addressed in the following products: Via RHSA-2015:1888 https://rhn.redhat.com/errata/RHSA-2015-1888.html |