Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
advisories.mageia.org/MGASA-2014-0268.html
marc.info/?l=bugtraq&m=141017844705317&w=2
marc.info/?l=bugtraq&m=144498216801440&w=2
rhn.redhat.com/errata/RHSA-2015-0675.html
rhn.redhat.com/errata/RHSA-2015-0720.html
rhn.redhat.com/errata/RHSA-2015-0765.html
seclists.org/fulldisclosure/2014/Dec/23
seclists.org/fulldisclosure/2014/May/141
svn.apache.org/viewvc?view=revision&revision=1588193
svn.apache.org/viewvc?view=revision&revision=1588199
svn.apache.org/viewvc?view=revision&revision=1589640
svn.apache.org/viewvc?view=revision&revision=1589837
svn.apache.org/viewvc?view=revision&revision=1589980
svn.apache.org/viewvc?view=revision&revision=1589983
svn.apache.org/viewvc?view=revision&revision=1589985
svn.apache.org/viewvc?view=revision&revision=1589990
svn.apache.org/viewvc?view=revision&revision=1589992
svn.apache.org/viewvc?view=revision&revision=1589997
svn.apache.org/viewvc?view=revision&revision=1590028
svn.apache.org/viewvc?view=revision&revision=1590036
svn.apache.org/viewvc?view=revision&revision=1593815
svn.apache.org/viewvc?view=revision&revision=1593821
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
www-01.ibm.com/support/docview.wss?uid=swg21678231
www-01.ibm.com/support/docview.wss?uid=swg21681528
www.debian.org/security/2016/dsa-3530
www.debian.org/security/2016/dsa-3552
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
www.ubuntu.com/usn/USN-2654-1
www.vmware.com/security/advisories/VMSA-2014-0012.html
github.com/apache/tomcat
github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f
github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d
github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c
github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af
github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81
github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1
github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b
github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5
github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481
github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2
github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834
github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d
github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447
github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f
github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27
github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802
github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04
github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441
h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2014-0119