2024-09-05
ALT-BU-2024-17664-1
Branch c9f2 update bulletin.
Closed vulnerabilities
Published: 2014-04-15
BDU:2015-04126
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2014-04-16
Modified: 2024-11-21
CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
Severity: HIGH (7.5)
References:
- RHSA-2014:0348
- RHSA-2014:1351
- RHSA-2015:1888
- 57563
- 59036
- 59151
- 59247
- 59290
- 59291
- 59369
- 59515
- 59711
- 60502
- http://svn.apache.org/viewvc?view=revision&revision=1581058
- DSA-2886
- http://www.ibm.com/support/docview.wss?uid=swg21677967
- http://www.ocert.org/advisories/ocert-2014-002.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- 66397
- 1034711
- 1034716
- http://www-01.ibm.com/support/docview.wss?uid=swg21674334
- http://www-01.ibm.com/support/docview.wss?uid=swg21676093
- http://www-01.ibm.com/support/docview.wss?uid=swg21677145
- http://www-01.ibm.com/support/docview.wss?uid=swg21680703
- http://www-01.ibm.com/support/docview.wss?uid=swg21681933
- apache-xalanjava-cve20140107-sec-bypass(92023)
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- https://issues.apache.org/jira/browse/XALANJ-2435
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [tomcat-dev] 20210823 [Bug 65516] New: upgrade to xalan 2.7.2 to address CVE-2014-0107
- [tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107
- GLSA-201604-02
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.tenable.com/security/tns-2018-15