7.5
CVE-2014-0107
- EPSS 6.47%
- Published 15.04.2014 23:13:13
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ Xalan-java Version <= 2.7.1
Apache ≫ Xalan-java Version 1.0.0
Apache ≫ Xalan-java Version 2.0.0
Apache ≫ Xalan-java Version 2.0.1
Apache ≫ Xalan-java Version 2.1.0
Apache ≫ Xalan-java Version 2.2.0
Apache ≫ Xalan-java Version 2.4.0
Apache ≫ Xalan-java Version 2.4.1
Apache ≫ Xalan-java Version 2.5.0
Apache ≫ Xalan-java Version 2.5.1
Apache ≫ Xalan-java Version 2.5.2
Apache ≫ Xalan-java Version 2.6.0
Apache ≫ Xalan-java Version 2.7.0
Oracle ≫ Webcenter Sites Version 7.6.2
Oracle ≫ Webcenter Sites Version 11.1.1.8.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 6.47% | 0.907 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |