CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.1%
Important: Information Disclosure CVE-2015-0254
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a JSTL XML tag.
This issue was identified by the David Jorm of IIX and made public on 27 February 2015.
Affects: All versions prior to 1.2.3
Vendor | Product | Version | CPE |
---|---|---|---|
apache | standard_taglibs | * | cpe:2.3:a:apache:standard_taglibs:*:*:*:*:*:*:*:* |