ghsa-qprx-q2r7-3rx6
Vulnerability from github
Published
2022-05-14 01:10
Modified
2024-02-22 16:36
Summary
Improper Input Validation in Apache Tomcat
Details

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-0096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:54:11Z",
    "nvd_published_at": "2014-05-31T11:17:00Z",
    "severity": "MODERATE"
  },
  "details": "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-qprx-q2r7-3rx6",
  "modified": "2024-02-22T16:36:38Z",
  "published": "2022-05-14T01:10:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5c545da226b3c71ed9603c38ad2de88057778c1b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/913d94b289e056107e521dbab8e79cc72a62a331"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/970c23bfd24dfa1dcb86ed917e6c8b47dcfb4433"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/65ed69d96a101dfa99eea2cfe17e9e87b310084c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/f3f2979df693a9c84c6742fcb162f3671b0a50d3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/May/135"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578610"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578611"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578637"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578655"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1585853"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-8.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3530"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3552"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Input Validation in Apache Tomcat"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.