CVE-2014-0107 – Xalan-Java: insufficient constraints in secure processing feature
https://notcve.org/view.php?id=CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. El TransformerFactory en Apache Xalan-Java anterior a 2.7.2 no restringe debidamente el acceso a ciertas propiedades cuando FEATURE_SECURE_PROCESSING está habilitado, lo cual permite a atacantes remotos evadir restricciones y cargar clases arbitrarias o acceder a recursos externos a través de una propiedad (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header o (4) xslt:entities manipulada, o una propiedad Java que está ligada a la función XSLT 1.0 system-property. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. • http://rhn.redhat.com/errata/RHSA-2014-0348.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-1888.html http://secunia.com/advisories/57563 http://secunia.com/advisories/59036 http://secunia.com/advisories/59151 http://secunia.com/advisories/59247 http://secunia.com/advisories/59290 http://secunia.com/advisories/59291 http://secunia.com/advisories/59369 http://secunia.com/advisories/59515 http://secunia.com/advisories/59711 • CWE-264: Permissions, Privileges, and Access Controls CWE-358: Improperly Implemented Security Check for Standard •