CVE-2014-0096

Published: May 31, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (107)

Products: Apache: Tomcat

Apache

1 product

Tomcat

Configuration A

55 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 7.0.0
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.10
Apache Tomcat	Version 7.0.11
Apache Tomcat	Version 7.0.12
Apache Tomcat	Version 7.0.13
Apache Tomcat	Version 7.0.14
Apache Tomcat	Version 7.0.15
Apache Tomcat	Version 7.0.16
Apache Tomcat	Version 7.0.17
Apache Tomcat	Version 7.0.18
Apache Tomcat	Version 7.0.19
Apache Tomcat	Version 7.0.1
Apache Tomcat	Version 7.0.20
Apache Tomcat	Version 7.0.21
Apache Tomcat	Version 7.0.22
Apache Tomcat	Version 7.0.23
Apache Tomcat	Version 7.0.24
Apache Tomcat	Version 7.0.25
Apache Tomcat	Version 7.0.26
Apache Tomcat	Version 7.0.27
Apache Tomcat	Version 7.0.28
Apache Tomcat	Version 7.0.29
Apache Tomcat	Version 7.0.2
Apache Tomcat	Version 7.0.2 beta
Apache Tomcat	Version 7.0.30
Apache Tomcat	Version 7.0.31
Apache Tomcat	Version 7.0.32
Apache Tomcat	Version 7.0.33
Apache Tomcat	Version 7.0.34
Apache Tomcat	Version 7.0.35
Apache Tomcat	Version 7.0.36
Apache Tomcat	Version 7.0.37
Apache Tomcat	Version 7.0.38
Apache Tomcat	Version 7.0.39
Apache Tomcat	Version 7.0.3
Apache Tomcat	Version 7.0.40
Apache Tomcat	Version 7.0.41
Apache Tomcat	Version 7.0.42
Apache Tomcat	Version 7.0.43
Apache Tomcat	Version 7.0.44
Apache Tomcat	Version 7.0.45
Apache Tomcat	Version 7.0.46
Apache Tomcat	Version 7.0.47
Apache Tomcat	Version 7.0.48
Apache Tomcat	Version 7.0.49
Apache Tomcat	Version 7.0.4
Apache Tomcat	Version 7.0.4 beta
Apache Tomcat	Version 7.0.50
Apache Tomcat	Version 7.0.52
Apache Tomcat	Version 7.0.5
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 7.0.7
Apache Tomcat	Version 7.0.8
Apache Tomcat	Version 7.0.9

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 8.0.0 rc10
Apache Tomcat	Version 8.0.0 rc1
Apache Tomcat	Version 8.0.0 rc2
Apache Tomcat	Version 8.0.0 rc5
Apache Tomcat	Version 8.0.1
Apache Tomcat	Version 8.0.3

Configuration C

46 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Up to 6.0.39
Apache Tomcat	Version 6.0.0
Apache Tomcat	Version 6.0.0 alpha
Apache Tomcat	Version 6.0.10
Apache Tomcat	Version 6.0.11
Apache Tomcat	Version 6.0.12
Apache Tomcat	Version 6.0.13
Apache Tomcat	Version 6.0.14
Apache Tomcat	Version 6.0.15
Apache Tomcat	Version 6.0.16
Apache Tomcat	Version 6.0.17
Apache Tomcat	Version 6.0.18
Apache Tomcat	Version 6.0.19
Apache Tomcat	Version 6.0.1
Apache Tomcat	Version 6.0.1 alpha
Apache Tomcat	Version 6.0.20
Apache Tomcat	Version 6.0.24
Apache Tomcat	Version 6.0.26
Apache Tomcat	Version 6.0.27
Apache Tomcat	Version 6.0.28
Apache Tomcat	Version 6.0.29
Apache Tomcat	Version 6.0.2
Apache Tomcat	Version 6.0.2 alpha
Apache Tomcat	Version 6.0.2 beta
Apache Tomcat	Version 6.0.30
Apache Tomcat	Version 6.0.31
Apache Tomcat	Version 6.0.32
Apache Tomcat	Version 6.0.33
Apache Tomcat	Version 6.0.35
Apache Tomcat	Version 6.0.36
Apache Tomcat	Version 6.0.37
Apache Tomcat	Version 6.0.3
Apache Tomcat	Version 6.0.4
Apache Tomcat	Version 6.0.4 alpha
Apache Tomcat	Version 6.0.5
Apache Tomcat	Version 6.0.6
Apache Tomcat	Version 6.0.6 alpha
Apache Tomcat	Version 6.0.7
Apache Tomcat	Version 6.0.7 alpha
Apache Tomcat	Version 6.0.7 beta
Apache Tomcat	Version 6.0.8
Apache Tomcat	Version 6.0.8 alpha
Apache Tomcat	Version 6.0.9
Apache Tomcat	Version 6.0.9 beta
Apache Tomcat	Version 6.0
Apache Tomcat	Version 6

Related CWEs

CWE-264

References (96)

http://advisories.mageia.org/MGASA-2014-0268.html

Source: secalert@redhat.com

http://linux.oracle.com/errata/ELSA-2014-0865.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=141017844705317&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=144498216801440&w=2

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0675.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0720.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0765.html

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2014/Dec/23

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2014/May/135

Source: secalert@redhat.com

http://secunia.com/advisories/59121

Source: secalert@redhat.com

http://secunia.com/advisories/59616

Source: secalert@redhat.com

http://secunia.com/advisories/59678

Source: secalert@redhat.com

http://secunia.com/advisories/59732

Source: secalert@redhat.com

http://secunia.com/advisories/59835

Source: secalert@redhat.com

http://secunia.com/advisories/59849

Source: secalert@redhat.com

http://secunia.com/advisories/59873

Source: secalert@redhat.com

http://secunia.com/advisories/60729

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1578610

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1578611

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1578637

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1578655

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1585853

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-8.html

Source: secalert@redhat.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=swg21681528

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3530

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3552

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:052

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:053

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:084

Source: secalert@redhat.com

http://www.novell.com/support/kb/doc.php?id=7010166

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/67667

Source: secalert@redhat.com

http://www.securitytracker.com/id/1030301

Source: secalert@redhat.com

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Source: secalert@redhat.com

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

Source: secalert@redhat.com

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2014-0268.html