Apache Standard Taglibs prior to 1.2.3 allows remote malicious users to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache standard taglibs |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |