Description
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. The stylesheets in question are the ones the default servlet applies when it renders a directory listing (its localXsltFile, contextXsltFile and globalXsltFile options); the first two are supplied by the deployed web application, yet the XSLT processing runs with the container's privileges rather than under the constraints the security manager places on that application, so an external entity declared in such a stylesheet is resolved against the local file system on the application's behalf. The practical precondition is therefore the ability to deploy (or modify) a web application on the target, which is why the issue matters mainly for shared-hosting or security-manager-sandboxed deployments. Fixed in 6.0.40, 7.0.53 and 8.0.4; the svn revisions listed under References are the patches.
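The bug class behind the description, as an added example that is not Tomcat's code and is not transcribed from the referenced patch revisions: an application-supplied directory-listing stylesheet carries an external entity, and the container transforms it. The vulnerable pattern hands the untrusted stylesheet straight to the transformer; the hardened pattern pre-parses it with DOCTYPE declarations and entity expansion disabled and forbids the transformer from fetching external DTDs or stylesheets. The stylesheet, the listing document and the target path (/etc/hostname, chosen only because it is small and world-readable) are constructed for the demonstration, and the JDK's built-in JAXP (Xerces/XSLTC) is assumed; whether the unsafe path actually leaks the file depends on that implementation's defaults, and whether Tomcat's fix uses exactly this construction should be checked against the patch links below rather than assumed from this example.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

/*
 * Added example, not Tomcat's code. A deployed web application supplies the
 * XSLT used to render a directory listing, and the container transforms it
 * with its own privileges. Stylesheet, listing XML and file path are all
 * constructed for this demonstration.
 */
public class XsltListingXxeDemo {

    // Attacker-supplied "listing" stylesheet. The external entity is resolved by
    // the XML parser before XSLT processing starts, so its content lands in the output.
    static final String MALICIOUS_XSLT =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE stylesheet [\n"
        + "  <!ENTITY leak SYSTEM \"file:///etc/hostname\">\n"
        + "]>\n"
        + "<xsl:stylesheet version=\"1.0\""
        + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">\n"
        + "  <xsl:output method=\"text\"/>\n"
        + "  <xsl:template match=\"/\">entries=<xsl:value-of select=\"count(//entry)\"/>"
        + " leaked=&leak;</xsl:template>\n"
        + "</xsl:stylesheet>\n";

    // Constructed stand-in for the listing document the servlet would build.
    static final String LISTING_XML =
        "<listing><entries><entry type=\"file\">index.html</entry></entries></listing>";

    // Vulnerable pattern: the untrusted stylesheet goes straight to the transformer.
    // On a JAXP implementation that resolves external entities by default, the
    // returned string contains the target file's content.
    static String transformUnsafely(String xslt) throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer t = tf.newTransformer(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(LISTING_XML)), new StreamResult(out));
        return out.toString();
    }

    // Hardened pattern: parse the stylesheet with DOCTYPE and entity expansion
    // disabled, pass the resulting DOM to the transformer, and forbid the
    // transformer itself from reaching out for external DTDs or stylesheets.
    static String transformSafely(String xslt) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);            // XSLT elements must be namespace-resolved
        dbf.setValidating(false);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        Document stylesheet = dbf.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xslt)));

        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        Transformer t = tf.newTransformer(new DOMSource(stylesheet));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(LISTING_XML)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("unsafe: " + transformUnsafely(MALICIOUS_XSLT));
        try {
            System.out.println("safe:   " + transformSafely(MALICIOUS_XSLT));
        } catch (SAXParseException e) {
            // Expected: the DOCTYPE is rejected before any entity can be resolved.
            System.out.println("safe:   stylesheet rejected: " + e.getMessage());
        }
    }
}
```

The check worth keeping from this: pre-parsing with disallow-doctype-decl stops the attack at the parser, independent of what the XSLT engine would later do, and the ACCESS_EXTERNAL_* attributes cover the separate channel of xsl:import / xsl:include and document() resolution. A transformer factory that does not support those attributes throws IllegalArgumentException from setAttribute, which is the right failure mode for untrusted stylesheets rather than something to catch and ignore.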
References (48)
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2015-0765.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2015-0675.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2015-0720.html
Third Party Advisory [x_refsource_confirm]: http://advisories.mageia.org/MGASA-2014-0268.html
Vendor Advisory [x_refsource_confirm]: http://www.novell.com/support/kb/doc.php?id=7010166
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/67667
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59121
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59732
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59835
Vendor Advisory [x_refsource_confirm]: http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Various Sources [x_refsource_confirm]: http://www-01.ibm.com/support/docview.wss?uid=swg21681528
Vendor Advisory [vendor-advisory, x_refsource_mandriva]: http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59849
Various Sources [x_refsource_confirm]: http://linux.oracle.com/errata/ELSA-2014-0865.html
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=revision&revision=1578637
Vendor Advisory [vendor-advisory, x_refsource_mandriva]: http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_sectrack]: http://www.securitytracker.com/id/1030301
Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2016/dsa-3530
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59678
Mailing List [vendor-advisory, x_refsource_hp]: http://marc.info/?l=bugtraq&m=141017844705317&w=2
Vendor Advisory [x_refsource_confirm]: http://tomcat.apache.org/security-7.html
Third Party Advisory, VDB Entry [mailing-list, x_refsource_bugtraq]: http://www.securityfocus.com/archive/1/534161/100/0/threaded
Vendor Advisory [vendor-advisory, x_refsource_mandriva]: http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
Vendor Advisory [x_refsource_confirm]: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Mailing List, Third Party Advisory [vendor-advisory, x_refsource_fedora]: http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
Vendor Advisory [x_refsource_confirm]: http://tomcat.apache.org/security-8.html
Various Sources [x_refsource_confirm]: http://www-01.ibm.com/support/docview.wss?uid=swg21678231
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=revision&revision=1585853
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59616
Mailing List [mailing-list, x_refsource_fulldisc]: http://seclists.org/fulldisclosure/2014/May/135
Vendor Advisory [x_refsource_confirm]: http://tomcat.apache.org/security-6.html
Various Sources [x_refsource_confirm]: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
Vendor Advisory [x_refsource_confirm]: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=revision&revision=1578655
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59873
Mailing List [mailing-list, x_refsource_fulldisc]: http://seclists.org/fulldisclosure/2014/Dec/23
Mailing List [vendor-advisory, x_refsource_hp]: http://marc.info/?l=bugtraq&m=144498216801440&w=2
Vendor Advisory [x_refsource_confirm]: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=revision&revision=1578610
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=revision&revision=1578611
Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2016/dsa-3552
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/60729
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
Scores
EPSS: 0.0580 (percentile 90.6%)
Details
CWE: CWE-264
Status: published
Products (47)
apache/tomcat 7.0.0 (2 CPE variants)
apache/tomcat 7.0.1
apache/tomcat 7.0.2 (2 CPE variants)
apache/tomcat 7.0.3
apache/tomcat 7.0.4 (2 CPE variants)
apache/tomcat 7.0.5
apache/tomcat 7.0.6
apache/tomcat 7.0.7
apache/tomcat 7.0.8
apache/tomcat 7.0.9
... and 37 more
Published: May 31, 2014
Tracked Since: Feb 18, 2026