Vulnerability-Lookup

CVE-2014-0119 (GCVE-0-2014-0119)

Vulnerability from cvelistv5 – Published: 2014-05-31 10:00 – Updated: 2024-08-06 09:05

Summary

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://advisories.mageia.org/MGASA-2014-0268.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2654-1	vendor-advisoryx_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-0765.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/59732	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2015-0675.html	vendor-advisoryx_refsource_REDHAT
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://rhn.redhat.com/errata/RHSA-2015-0720.html	vendor-advisoryx_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.debian.org/security/2016/dsa-3530	vendor-advisoryx_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisoryx_refsource_HP
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/534161/100…	mailing-listx_refsource_BUGTRAQ
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	https://h20564.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/59873	third-party-advisoryx_refsource_SECUNIA
	http://seclists.org/fulldisclosure/2014/May/141	mailing-listx_refsource_FULLDISC
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2014/Dec/23	mailing-listx_refsource_FULLDISC
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=144498216801440&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisoryx_refsource_HP
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/67669	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1030298	vdb-entryx_refsource_SECTRACK
	http://www.debian.org/security/2016/dsa-3552	vendor-advisoryx_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
	http://secunia.com/advisories/60729	third-party-advisoryx_refsource_SECUNIA
	https://lists.apache.org/thread.html/b8a1bf18155b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd586…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
          },
          {
            "name": "USN-2654-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2654-1"
          },
          {
            "name": "RHSA-2015:0765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "59732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59732"
          },
          {
            "name": "RHSA-2015:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
          },
          {
            "name": "MDVSA-2015:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
          },
          {
            "name": "RHSA-2015:0720",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
          },
          {
            "name": "MDVSA-2015:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
          },
          {
            "name": "DSA-3530",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
          },
          {
            "name": "HPSBUX03102",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "MDVSA-2015:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "59873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59873"
          },
          {
            "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/May/141"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
          },
          {
            "name": "HPSBOV03503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
          },
          {
            "name": "SSRT101681",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
          },
          {
            "name": "67669",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67669"
          },
          {
            "name": "1030298",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030298"
          },
          {
            "name": "DSA-3552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
          },
          {
            "name": "60729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60729"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:10:07.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
        },
        {
          "name": "USN-2654-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2654-1"
        },
        {
          "name": "RHSA-2015:0765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
        },
        {
          "name": "59732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59732"
        },
        {
          "name": "RHSA-2015:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
        },
        {
          "name": "MDVSA-2015:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
        },
        {
          "name": "RHSA-2015:0720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
        },
        {
          "name": "MDVSA-2015:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
        },
        {
          "name": "DSA-3530",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
        },
        {
          "name": "HPSBUX03102",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "MDVSA-2015:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-8.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "59873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59873"
        },
        {
          "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/May/141"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
        },
        {
          "name": "HPSBOV03503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
        },
        {
          "name": "SSRT101681",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
        },
        {
          "name": "67669",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67669"
        },
        {
          "name": "1030298",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030298"
        },
        {
          "name": "DSA-3552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
        },
        {
          "name": "60729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60729"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0119",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0268.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
            },
            {
              "name": "USN-2654-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2654-1"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "59732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59732"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
            },
            {
              "name": "MDVSA-2015:052",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
            },
            {
              "name": "MDVSA-2015:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
            },
            {
              "name": "DSA-3530",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3530"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
            },
            {
              "name": "HPSBUX03102",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-7.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "MDVSA-2015:053",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
            },
            {
              "name": "http://tomcat.apache.org/security-8.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-8.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "59873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59873"
            },
            {
              "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/May/141"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
            },
            {
              "name": "HPSBOV03503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
            },
            {
              "name": "SSRT101681",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
            },
            {
              "name": "67669",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67669"
            },
            {
              "name": "1030298",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030298"
            },
            {
              "name": "DSA-3552",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3552"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
            },
            {
              "name": "60729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60729"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0119",
    "datePublished": "2014-05-31T10:00:00.000Z",
    "dateReserved": "2013-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:05:39.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2014-AVI-513

Vulnerability from certfr_avis - Published: 2014-12-10 - Updated: 2014-12-10

De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Algo One versions 4.x et 5.x
IBM	Tivoli	IBM Tivoli Storage Manager versions 6.x et 7.x
IBM	WebSphere	IBM WebSphere DataPower XC10 2.x
IBM	Tivoli	IBM Tivoli Storage FlashCopy Manager versions 3.x et 4.x

References

Title

Publication Time

Tags

Bulletin de sécurité IBM du 09 décembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Algo One versions 4.x et 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Storage Manager versions 6.x et 7.x",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere DataPower XC10 2.x",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Storage FlashCopy Manager versions 3.x et 4.x",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2014-6163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6163"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-4244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
    },
    {
      "name": "CVE-2014-3058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3058"
    },
    {
      "name": "CVE-2014-6143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6143"
    },
    {
      "name": "CVE-2014-0198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0198"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    }
  ],
  "initial_release_date": "2014-12-10T00:00:00",
  "last_revision_date": "2014-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-513",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 d\u00e9cembre 2014",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21690128"
    }
  ]
}

CERTFR-2014-AVI-480

Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPOS versions antérieures à 6.6R2
ESET	Security	Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2
Juniper Networks	N/A	CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6
Juniper Networks	Junos Space	Junos Space jusqu'à la version 13.3
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2
ESET	Security	Network and Security Manager (NSM) version 2012.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10661 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10657 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10658 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10659 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10660 du 11 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Network and Security Manager (NSM) version 2012.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
    },
    {
      "name": "CVE-2010-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2010-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
    },
    {
      "name": "CVE-2012-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
    },
    {
      "name": "CVE-2012-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
    },
    {
      "name": "CVE-2014-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2012-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
    },
    {
      "name": "CVE-2014-4827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
    },
    {
      "name": "CVE-2013-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2012-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
    },
    {
      "name": "CVE-2010-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2014-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
    },
    {
      "name": "CVE-2013-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2014-7169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2011-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
    },
    {
      "name": "CVE-2011-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2014-4825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
    },
    {
      "name": "CVE-2010-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
    },
    {
      "name": "CVE-2012-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2014-0453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2010-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
    },
    {
      "name": "CVE-2014-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2014-4828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
    },
    {
      "name": "CVE-2014-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
    },
    {
      "name": "CVE-2010-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2010-2956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2014-4833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2014-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2014-6278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2014-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
    },
    {
      "name": "CVE-2010-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2010-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
    },
    {
      "name": "CVE-2009-1265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
    },
    {
      "name": "CVE-2010-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
    },
    {
      "name": "CVE-2012-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
    },
    {
      "name": "CVE-2011-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
    },
    {
      "name": "CVE-2010-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2013-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
    },
    {
      "name": "CVE-2014-3091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2014-11-13T00:00:00",
  "last_revision_date": "2014-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-480",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
    }
  ]
}

CERTFR-2015-AVI-317

Vulnerability from certfr_avis - Published: 2015-07-24 - Updated: 2015-07-24

De multiples vulnérabilités ont été corrigées dans les produits BlueCoat. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Bluecoat	N/A	Blue Coat HSM Agent pour SafeNet Luna SP
Bluecoat	N/A	Management Center
Bluecoat	N/A	X-Series XOS
Bluecoat	N/A	IntelligenceCenter
Bluecoat	N/A	Director
Bluecoat	N/A	Content Analysis System

References

Title

Publication Time

Tags

Bulletin de sécurité BlueCoat SA100 du 23 juillet 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Blue Coat HSM Agent pour SafeNet Luna SP",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bluecoat",
          "scada": false
        }
      }
    },
    {
      "description": "Management Center",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bluecoat",
          "scada": false
        }
      }
    },
    {
      "description": "X-Series XOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bluecoat",
          "scada": false
        }
      }
    },
    {
      "description": "IntelligenceCenter",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bluecoat",
          "scada": false
        }
      }
    },
    {
      "description": "Director",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bluecoat",
          "scada": false
        }
      }
    },
    {
      "description": "Content Analysis System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bluecoat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2014-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0050"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2014-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2014-7810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
    },
    {
      "name": "CVE-2014-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
    },
    {
      "name": "CVE-2014-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    }
  ],
  "initial_release_date": "2015-07-24T00:00:00",
  "last_revision_date": "2015-07-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-317",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eBlueCoat\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits BlueCoat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BlueCoat SA100 du 23 juillet 2015",
      "url": "https://bto.bluecoat.com/security-advisory/sa100"
    }
  ]
}

CERTFR-2014-AVI-243

Vulnerability from certfr_avis - Published: 2014-05-27 - Updated: 2014-05-27

Une vulnérabilité a été corrigée dans Apache Tomcat. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apache	Tomcat	Apache Tomcat versions antérieures à 6.0.41
Apache	Tomcat	Apache Tomcat versions antérieures à 8.0.8
Apache	Tomcat	Apache Tomcat versions antérieures à 7.0.54

References

Title

Publication Time

Tags

Bulletin de sécurité Apache du 22 mai 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Tomcat versions ant\u00e9rieures \u00e0 6.0.41",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat versions ant\u00e9rieures \u00e0 8.0.8",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat versions ant\u00e9rieures \u00e0 7.0.54",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    }
  ],
  "initial_release_date": "2014-05-27T00:00:00",
  "last_revision_date": "2014-05-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eApache\nTomcat\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apache Tomcat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache du 22 mai 2014",
      "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54"
    }
  ]
}

CERTFR-2022-AVI-568

Vulnerability from certfr_avis - Published: 2022-06-17 - Updated: 2022-06-17

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113
IBM	N/A	IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3
IBM	N/A	IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix
IBM	N/A	IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix

References

Title

Publication Time

Tags

Bulletin de sécurité les produits IBM 6595755 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595739 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595965 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595721 du 16 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2012-5886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2016-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
    },
    {
      "name": "CVE-2016-8735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
    },
    {
      "name": "CVE-2020-8022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
    },
    {
      "name": "CVE-2013-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2012-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2013-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2019-17195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2014-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2016-0706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2016-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
    },
    {
      "name": "CVE-2012-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2013-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2016-6794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2015-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
    },
    {
      "name": "CVE-2021-27568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
    },
    {
      "name": "CVE-2013-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
    },
    {
      "name": "CVE-2021-33813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2016-6816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
    },
    {
      "name": "CVE-2018-17196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2016-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2013-4322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2012-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2014-7810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2016-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2014-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2013-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
    },
    {
      "name": "CVE-2012-3544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
    },
    {
      "name": "CVE-2012-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2015-5345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2016-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2012-2733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-6796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2022-06-17T00:00:00",
  "last_revision_date": "2022-06-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-568",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595755"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595739"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595965"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595721"
    }
  ]
}

FKIE_CVE-2014-0119

Vulnerability from fkie_nvd - Published: 2014-05-31 11:17 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://advisories.mageia.org/MGASA-2014-0268.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=141017844705317&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=144498216801440&w=2
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-0675.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-0720.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-0765.html
secalert@redhat.com	http://seclists.org/fulldisclosure/2014/Dec/23
secalert@redhat.com	http://seclists.org/fulldisclosure/2014/May/141
secalert@redhat.com	http://secunia.com/advisories/59732
secalert@redhat.com	http://secunia.com/advisories/59873
secalert@redhat.com	http://secunia.com/advisories/60729
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1588193
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1588199
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589640
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589837
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589980
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589983
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589985
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589990
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589992
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1589997
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1590028
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1590036
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1593815
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1593821
secalert@redhat.com	http://tomcat.apache.org/security-6.html	Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-7.html	Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-8.html	Vendor Advisory
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
secalert@redhat.com	http://www.debian.org/security/2016/dsa-3530
secalert@redhat.com	http://www.debian.org/security/2016/dsa-3552
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
secalert@redhat.com	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/534161/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/67669
secalert@redhat.com	http://www.securitytracker.com/id/1030298
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2654-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
secalert@redhat.com	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
secalert@redhat.com	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2014-0268.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=141017844705317&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=144498216801440&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0675.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0720.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0765.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Dec/23
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/May/141
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59732
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59873
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60729
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1588193
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1588199
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589640
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589837
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589980
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589983
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589985
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589990
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589992
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1589997
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1590028
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1590036
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1593815
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1593821
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-6.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-7.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-8.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3530
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3552
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/534161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67669
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030298
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2654-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
af854a3a-2127-422b-91ae-364da2661108	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Impacted products

Vendor	Product	Version
apache	tomcat	8.0.0
apache	tomcat	8.0.0
apache	tomcat	8.0.0
apache	tomcat	8.0.0
apache	tomcat	8.0.1
apache	tomcat	8.0.3
apache	tomcat	8.0.5
apache	tomcat	*
apache	tomcat	6
apache	tomcat	6.0
apache	tomcat	6.0.0
apache	tomcat	6.0.0
apache	tomcat	6.0.1
apache	tomcat	6.0.1
apache	tomcat	6.0.2
apache	tomcat	6.0.2
apache	tomcat	6.0.2
apache	tomcat	6.0.3
apache	tomcat	6.0.4
apache	tomcat	6.0.4
apache	tomcat	6.0.5
apache	tomcat	6.0.6
apache	tomcat	6.0.6
apache	tomcat	6.0.7
apache	tomcat	6.0.7
apache	tomcat	6.0.7
apache	tomcat	6.0.8
apache	tomcat	6.0.8
apache	tomcat	6.0.9
apache	tomcat	6.0.9
apache	tomcat	6.0.10
apache	tomcat	6.0.11
apache	tomcat	6.0.12
apache	tomcat	6.0.13
apache	tomcat	6.0.14
apache	tomcat	6.0.15
apache	tomcat	6.0.16
apache	tomcat	6.0.17
apache	tomcat	6.0.18
apache	tomcat	6.0.19
apache	tomcat	6.0.20
apache	tomcat	6.0.24
apache	tomcat	6.0.26
apache	tomcat	6.0.27
apache	tomcat	6.0.28
apache	tomcat	6.0.29
apache	tomcat	6.0.30
apache	tomcat	6.0.31
apache	tomcat	6.0.32
apache	tomcat	6.0.33
apache	tomcat	6.0.35
apache	tomcat	6.0.36
apache	tomcat	6.0.37
apache	tomcat	7.0.0
apache	tomcat	7.0.0
apache	tomcat	7.0.1
apache	tomcat	7.0.2
apache	tomcat	7.0.2
apache	tomcat	7.0.3
apache	tomcat	7.0.4
apache	tomcat	7.0.4
apache	tomcat	7.0.5
apache	tomcat	7.0.6
apache	tomcat	7.0.7
apache	tomcat	7.0.8
apache	tomcat	7.0.9
apache	tomcat	7.0.10
apache	tomcat	7.0.11
apache	tomcat	7.0.12
apache	tomcat	7.0.13
apache	tomcat	7.0.14
apache	tomcat	7.0.15
apache	tomcat	7.0.16
apache	tomcat	7.0.17
apache	tomcat	7.0.18
apache	tomcat	7.0.19
apache	tomcat	7.0.20
apache	tomcat	7.0.21
apache	tomcat	7.0.22
apache	tomcat	7.0.23
apache	tomcat	7.0.24
apache	tomcat	7.0.25
apache	tomcat	7.0.26
apache	tomcat	7.0.27
apache	tomcat	7.0.28
apache	tomcat	7.0.29
apache	tomcat	7.0.30
apache	tomcat	7.0.31
apache	tomcat	7.0.32
apache	tomcat	7.0.33
apache	tomcat	7.0.34
apache	tomcat	7.0.35
apache	tomcat	7.0.36
apache	tomcat	7.0.37
apache	tomcat	7.0.38
apache	tomcat	7.0.39
apache	tomcat	7.0.40
apache	tomcat	7.0.41
apache	tomcat	7.0.42
apache	tomcat	7.0.43
apache	tomcat	7.0.44
apache	tomcat	7.0.45
apache	tomcat	7.0.46
apache	tomcat	7.0.47
apache	tomcat	7.0.48
apache	tomcat	7.0.49
apache	tomcat	7.0.50
apache	tomcat	7.0.52
apache	tomcat	7.0.53

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4752862B-7D26-4285-B8A0-CF082C758353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "58EA7199-3373-4F97-9907-3A479A02155E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4693BD36-E522-4C8E-9667-8F3E14A05EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2BBBC5EA-012C-4C5D-A61B-BAF134B300DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A358FDF-C249-4D7A-9445-8B9E7D9D40AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF96F96-34DB-4EB3-BF59-11220673FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF3E379-47D2-4C86-8C6D-8B3C25A0E1C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "029C1DD4-3B41-47D2-97D2-73A7D3D89817",
              "versionEndIncluding": "6.0.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "83BA996F-C770-4E36-8FD8-916EA64E9A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "0A354C34-A3FE-4B8A-9985-8874A0634BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "CFE300CC-FD4A-444E-8506-E5E269D0A0A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "F50A3EC9-516E-48A7-839B-A73F491B5B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "FAC2FC75-97D2-4EA1-A1A0-F592A6D7C1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "C4871FD1-7F8C-4677-A80B-4A0BBC71DD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "31AB969A-9ACE-44EF-B2E5-CEC008F47C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "06217215-72E4-4478-BACB-628A0836A645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "EA810F3F-ADD3-4D3F-9DFC-DBDD87B3079C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8B79F2EA-C893-4359-80EC-24AE38D982E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8461DF95-18DC-4BF5-A703-7F19DA88DC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2823789C-2CB6-4300-94DB-BDBE83ABA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61429EE-4331-430C-9830-58DCCBCBCB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B3593F-CEDF-423C-90F8-F88EED87DC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7862B2-E1FA-4E16-92CD-8918AB461D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E03BE3-60CC-4415-B993-D0BB00F87A30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E5E8C3-21AD-4230-B945-AB7DE66307B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "4945C8C1-C71B-448B-9075-07C6C92599CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED4730B0-2E09-408B-AFD4-FE00F73700FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DE8A8A-7643-4292-BCC1-758AE0940207",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "81A31CA0-A209-4C49-AA06-C38E165E5B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0AA563BF-A67A-477D-956A-167ABEF885C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DD9544-6424-41A6-AEC0-EC19B8A10E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4670E65-2E11-49A4-B661-57C2F60D411F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8FF71D-4710-4FBB-9925-A6A26C450F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "31002A23-4788-4BC7-AE11-A3C2AA31716D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "7144EDDF-8265-4642-8EEB-ED52527E0A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF06B5C1-B9DD-4673-A101-56E1E593ACDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D731065-626B-4425-8E49-F708DD457824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D850EA-E537-42C8-93B9-96E15CB26747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "E037DA05-2BEF-4F64-B8BB-307247B6A05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCAF1EB5-FB34-40FC-96ED-9D073890D8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "D395D95B-1F4A-420E-A0F6-609360AF7B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD221BA-0AB6-4972-8AD9-5D37AC07762F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55B6565-96CB-4F6A-9A80-C3FB82F30546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3300AFE-49A4-4904-B9A0-5679F09FA01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED5125CC-05F9-4678-90DB-A5C7CD24AE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B904C74-B92E-4EAE-AE6C-78E2B844C3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6109D1-BC36-40C5-A02A-7AEBC949BAC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8A7333-B4C3-4876-AE01-62F2FD315504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "92993E23-D805-407B-8B87-11CEEE8B212F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A11BD74-305C-41E2-95B1-5008EEF5FA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "595442D0-9DB7-475A-AE30-8535B70E122E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0BA92A-0BD3-4CE4-9465-95E949104BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F944B72-B9EB-4EB8-AEA3-E0D7ADBE1305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD3EB84-2ED2-49D4-8BC9-6398C2E46F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDF6E1A-0DD6-42AB-9510-F6F4B6002C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C947E549-2459-4AFB-84A7-36BDA30B5F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D55DF79-F9BE-4907-A4D8-96C4B11189ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "14AB5787-82D7-4F78-BE93-4556AB7A7D0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application."
    },
    {
      "lang": "es",
      "value": "Apache Tomcat anterior a 6.0.40, 7.x anterior a 7.0.54 y 8.x anterior a 8.0.6 no restringe debidamente el cargador de clase que accede al analizador XML utilizado con una hoja de estilo XSLT, lo que permite a atacantes remotos (1) leer archivos arbitrarios a trav\u00e9s de una aplicaci\u00f3n web manipulada que proporciona una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE) o (2) leer archivos asociados con aplicaciones web diferentes en una instancia Tomcat \u00fanica a trav\u00e9s de una aplicaci\u00f3n web manipulada."
    }
  ],
  "id": "CVE-2014-0119",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-31T11:17:13.357",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2014/May/141"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59732"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60729"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-8.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2016/dsa-3530"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2016/dsa-3552"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/67669"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030298"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2654-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/May/141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-8.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2654-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-0119

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-0119

Aliases

CVE-2014-0119

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0119",
    "description": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
    "id": "GSD-2014-0119",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-0119.html",
      "https://www.debian.org/security/2016/dsa-3530",
      "https://access.redhat.com/errata/RHSA-2015:1009",
      "https://access.redhat.com/errata/RHSA-2015:0765",
      "https://access.redhat.com/errata/RHSA-2015:0720",
      "https://access.redhat.com/errata/RHSA-2015:0675",
      "https://access.redhat.com/errata/RHSA-2015:0235",
      "https://access.redhat.com/errata/RHSA-2015:0234",
      "https://access.redhat.com/errata/RHSA-2014:1088",
      "https://access.redhat.com/errata/RHSA-2014:1087",
      "https://access.redhat.com/errata/RHSA-2014:1086",
      "https://access.redhat.com/errata/RHSA-2014:1038",
      "https://access.redhat.com/errata/RHSA-2014:1034",
      "https://access.redhat.com/errata/RHSA-2014:0895",
      "https://access.redhat.com/errata/RHSA-2014:0843",
      "https://access.redhat.com/errata/RHSA-2014:0842",
      "https://ubuntu.com/security/CVE-2014-0119",
      "https://advisories.mageia.org/CVE-2014-0119.html",
      "https://linux.oracle.com/cve/CVE-2014-0119.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0119"
      ],
      "details": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
      "id": "GSD-2014-0119",
      "modified": "2023-12-13T01:22:43.970706Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-0119",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
          },
          {
            "name": "http://advisories.mageia.org/MGASA-2014-0268.html",
            "refsource": "CONFIRM",
            "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
          },
          {
            "name": "USN-2654-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2654-1"
          },
          {
            "name": "RHSA-2015:0765",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "59732",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59732"
          },
          {
            "name": "RHSA-2015:0675",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
          },
          {
            "name": "MDVSA-2015:052",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
          },
          {
            "name": "RHSA-2015:0720",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
          },
          {
            "name": "MDVSA-2015:084",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
          },
          {
            "name": "DSA-3530",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3530"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
          },
          {
            "name": "HPSBUX03102",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "name": "http://tomcat.apache.org/security-7.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "MDVSA-2015:053",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
          },
          {
            "name": "http://tomcat.apache.org/security-8.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
          },
          {
            "name": "http://tomcat.apache.org/security-6.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
            "refsource": "CONFIRM",
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "59873",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59873"
          },
          {
            "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/May/141"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
          },
          {
            "name": "HPSBOV03503",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
          },
          {
            "name": "SSRT101681",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
          },
          {
            "name": "67669",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/67669"
          },
          {
            "name": "1030298",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030298"
          },
          {
            "name": "DSA-3552",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3552"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821",
            "refsource": "CONFIRM",
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
          },
          {
            "name": "60729",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60729"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,6.0.40),[7.0.0,7.0.54),[8.0.0,8.0.6)",
          "affected_versions": "All versions before 6.0.40, all versions starting from 7.0.0 before 7.0.54, all versions starting from 8.0.0 before 8.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-264",
            "CWE-937"
          ],
          "date": "2022-07-07",
          "description": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
          "fixed_versions": [
            "6.0.40",
            "7.0.54",
            "8.0.6"
          ],
          "identifier": "CVE-2014-0119",
          "identifiers": [
            "GHSA-prc3-7f44-w48j",
            "CVE-2014-0119"
          ],
          "not_impacted": "All versions starting from 6.0.40 before 7.0.0, all versions starting from 7.0.54 before 8.0.0, all versions starting from 8.0.6",
          "package_slug": "maven/org.apache.tomcat/tomcat",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to versions 6.0.40, 7.0.54, 8.0.6 or above.",
          "title": "Missing XML Validation in Apache Tomcat",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2014-0119",
            "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
            "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
            "http://advisories.mageia.org/MGASA-2014-0268.html",
            "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2",
            "http://rhn.redhat.com/errata/RHSA-2015-0675.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0720.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0765.html",
            "http://seclists.org/fulldisclosure/2014/Dec/23",
            "http://seclists.org/fulldisclosure/2014/May/141",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815",
            "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821",
            "http://tomcat.apache.org/security-6.html",
            "http://tomcat.apache.org/security-7.html",
            "http://tomcat.apache.org/security-8.html",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
            "http://www.debian.org/security/2016/dsa-3530",
            "http://www.debian.org/security/2016/dsa-3552",
            "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
            "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
            "http://www.ubuntu.com/usn/USN-2654-1",
            "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
            "https://github.com/advisories/GHSA-prc3-7f44-w48j"
          ],
          "uuid": "427e95a7-0260-4729-a019-8741a4b39fc7"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0119"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
            },
            {
              "name": "http://tomcat.apache.org/security-8.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-8.html"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-7.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
            },
            {
              "name": "59873",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59873"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
            },
            {
              "name": "67669",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/67669"
            },
            {
              "name": "59732",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59732"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
            },
            {
              "name": "60729",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60729"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0268.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
            },
            {
              "name": "MDVSA-2015:052",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "MDVSA-2015:053",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "MDVSA-2015:084",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "DSA-3530",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2016/dsa-3530"
            },
            {
              "name": "DSA-3552",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2016/dsa-3552"
            },
            {
              "name": "HPSBUX03102",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "HPSBOV03503",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
            },
            {
              "name": "1030298",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030298"
            },
            {
              "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2014/May/141"
            },
            {
              "name": "USN-2654-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2654-1"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-04-15T16:29Z",
      "publishedDate": "2014-05-31T11:17Z"
    }
  }
}

GHSA-PRC3-7F44-W48J

Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2025-04-14 21:41

Summary

Missing XML Validation in Apache Tomcat

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-0119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:52:38Z",
    "nvd_published_at": "2014-05-31T11:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
  "id": "GHSA-prc3-7f44-w48j",
  "modified": "2025-04-14T21:41:44Z",
  "published": "2022-05-14T01:10:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/May/141"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59732"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59873"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60729"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-8.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3530"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3552"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/67669"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030298"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2654-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Missing XML Validation in Apache Tomcat"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-0119 (GCVE-0-2014-0119)

Contournement provisoire

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature