CVE-2014-0119 in Communications Policy Managementinfo

Summary

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

12/03/2013

Disclosure

05/31/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
92847Oracle Communications Policy Management Tomcat access control264Not definedOfficial fixCVE-2014-0119
67879Oracle Enterprise Data Quality Internal Operations access control264Not definedOfficial fixCVE-2014-0119
13383Apache Tomcat XML access control264Not definedOfficial fixCVE-2014-0119

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!