// For flags

CVE-2014-0107

Xalan-Java: insufficient constraints in secure processing feature

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.

El TransformerFactory en Apache Xalan-Java anterior a 2.7.2 no restringe debidamente el acceso a ciertas propiedades cuando FEATURE_SECURE_PROCESSING está habilitado, lo cual permite a atacantes remotos evadir restricciones y cargar clases arbitrarias o acceder a recursos externos a través de una propiedad (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header o (4) xslt:entities manipulada, o una propiedad Java que está ligada a la función XSLT 1.0 system-property.

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-12-03 CVE Reserved
  • 2014-03-25 CVE Published
  • 2023-05-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
  • CWE-358: Improperly Implemented Security Check for Standard
CAPEC
References (41)
URL Tag Source
http://secunia.com/advisories/57563 Third Party Advisory
http://secunia.com/advisories/59036 Third Party Advisory
http://secunia.com/advisories/59151 Third Party Advisory
http://secunia.com/advisories/59247 Third Party Advisory
http://secunia.com/advisories/59290 Third Party Advisory
http://secunia.com/advisories/59291 Third Party Advisory
http://secunia.com/advisories/59369 Third Party Advisory
http://secunia.com/advisories/59515 Third Party Advisory
http://secunia.com/advisories/59711 Third Party Advisory
http://secunia.com/advisories/60502 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21674334 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676093 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21677145 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21680703 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21681933 X_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21677967 X_refsource_confirm
http://www.ocert.org/advisories/ocert-2014-002.html Us Government Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html X_refsource_confirm
http://www.securityfocus.com/bid/66397 Vdb Entry
http://www.securitytracker.com/id/1034711 Vdb Entry
http://www.securitytracker.com/id/1034716 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/92023 Vdb Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 X_refsource_confirm
https://issues.apache.org/jira/browse/XALANJ-2435 X_refsource_confirm
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca%40%3Cdev.tomcat.apache.org%3E Mailing List
https://www.oracle.com//security-alerts/cpujul2021.html X_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html X_refsource_misc
https://www.tenable.com/security/tns-2018-15 X_refsource_confirm
URL Date SRC
URL Date SRC
http://svn.apache.org/viewvc?view=revision&revision=1581058 2023-11-07
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html 2023-11-07
URL Date SRC
http://rhn.redhat.com/errata/RHSA-2014-0348.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1351.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1888.html 2023-11-07
http://www.debian.org/security/2014/dsa-2886 2023-11-07
https://security.gentoo.org/glsa/201604-02 2023-11-07
https://access.redhat.com/security/cve/CVE-2014-0107 2015-10-12
https://bugzilla.redhat.com/show_bug.cgi?id=1080248 2015-10-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 <= 2.7.1
Search vendor "Apache" for product "Xalan-java" and version " <= 2.7.1"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 1.0.0
Search vendor "Apache" for product "Xalan-java" and version "1.0.0"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.0.0
Search vendor "Apache" for product "Xalan-java" and version "2.0.0"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.0.1
Search vendor "Apache" for product "Xalan-java" and version "2.0.1"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.1.0
Search vendor "Apache" for product "Xalan-java" and version "2.1.0"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.2.0
Search vendor "Apache" for product "Xalan-java" and version "2.2.0"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.4.0
Search vendor "Apache" for product "Xalan-java" and version "2.4.0"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.4.1
Search vendor "Apache" for product "Xalan-java" and version "2.4.1"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.5.0
Search vendor "Apache" for product "Xalan-java" and version "2.5.0"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.5.1
Search vendor "Apache" for product "Xalan-java" and version "2.5.1"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.5.2
Search vendor "Apache" for product "Xalan-java" and version "2.5.2"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.6.0
Search vendor "Apache" for product "Xalan-java" and version "2.6.0"
-
Affected
Apache
Search vendor "Apache"
 Xalan-java
Search vendor "Apache" for product "Xalan-java"
 2.7.0
Search vendor "Apache" for product "Xalan-java" and version "2.7.0"
-
Affected
Oracle
Search vendor "Oracle"
 Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
 7.6.2
Search vendor "Oracle" for product "Webcenter Sites" and version "7.6.2"
-
Affected
Oracle
Search vendor "Oracle"
 Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
 11.1.1.8.0
Search vendor "Oracle" for product "Webcenter Sites" and version "11.1.1.8.0"
-
Affected