Lucene search
F5F5:K15428HistoryJun 13, 2015 - 12:00 a.m.
K15428 : Apache Tomcat vulnerability CVE-2014-0096
2015-06-1300:00:00
my.f5.com
7
Security Advisory Description
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. (CVE-2014-0096)
Impact
An attacker may be able to bypass security-manager restrictions through a crafted web application. This vulnerability is considered local, as it is exploitable only by an authenticated user accessing the system using the command line.
Related
securityvulns
securityvulns
[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure
2014-05-29 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-05-29 00:00:00
veracode
veracode
XML External Entity (XXE)
2017-04-07 03:32:44
debiancve
debiancve
CVE-2014-0096
2014-05-31 11:17:00
prion
prion
Xxe
2014-05-31 11:17:00
nessus
nessus
F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15428)
2014-12-03 00:00:00
FreeBSD : tomcat -- multiple vulnerabilities (81fc1076-1286-11e4-bebd-000c2980a9f3)
2014-07-24 00:00:00
Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2302-1)
2014-07-31 00:00:00
osv
osv
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:18
tomcat7 - security update
2016-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2014-0096
2014-05-31 00:00:00
github
github
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:18
cvelist
cvelist
CVE-2014-0096
2014-05-31 10:00:00
f5
f5
SOL15428 - Apache Tomcat vulnerability CVE-2014-0096
2014-07-17 00:00:00
nvd
nvd
CVE-2014-0096
2014-05-31 11:17:13
cve
cve
CVE-2014-0096
2014-05-31 11:17:13
openvas
openvas
Ubuntu: Security Advisory (USN-2302-1)
2014-08-05 00:00:00
Oracle: Security Advisory (ELSA-2014-0827)
2015-10-06 00:00:00
Apache Tomcat Multiple Vulnerabilities (Nov 2014)
2014-11-28 00:00:00
redhat
redhat
(RHSA-2014:0834) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update
2014-07-03 16:52:45
(RHSA-2014:0836) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
2014-07-03 16:54:26
(RHSA-2014:0827) Moderate: tomcat security update
2014-07-02 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.53
2014-03-30 00:00:00
Fixed in Apache Tomcat 6.0.41
2014-05-23 00:00:00
Fixed in Apache Tomcat 8.0.5
2014-03-27 00:00:00
kaspersky
kaspersky
KLA10072 Multiple vulnerabilities in Apache Tomcat
2014-03-30 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2014-05-23 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2014-07-30 00:00:00
threatpost
threatpost
Apache Patches Bugs in Tomcat
2014-05-30 12:31:25
oraclelinux
oraclelinux
tomcat security update
2014-07-23 00:00:00
tomcat security update
2014-08-07 00:00:00
tomcat6 security and bug fix update
2014-07-09 00:00:00
amazon
amazon
Medium: tomcat8
2015-05-14 14:40:00
Medium: tomcat7
2015-05-14 14:38:00
mageia
mageia
Updated tomcat and tomcat6 packages fix security vulnerabilities
2014-06-20 00:30:12
fedora
fedora
[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21
2015-02-23 08:03:06
centos
centos
tomcat6 security update
2014-07-09 16:09:49
debian
debian
[SECURITY] [DSA 3552-1] tomcat7 security update
2016-04-17 18:44:26
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
symantec
symantec
SA100 : Apache Tomcat Vulnerabilities
2015-07-23 08:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00