CVE-2014-0119 in Communications Policy Managementinfo

Zusammenfassung (Englisch)

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservieren

03.12.2013

Veröffentlichung

31.05.2014

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
92847Oracle Communications Policy Management Tomcat erweiterte Rechte264Nicht definiertOffizieller FixCVE-2014-0119
67879Oracle Enterprise Data Quality Internal Operations erweiterte Rechte264Nicht definiertOffizieller FixCVE-2014-0119
13383Apache Tomcat XML erweiterte Rechte264Nicht definiertOffizieller FixCVE-2014-0119

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!