Vulnerable Library - jstl-1.2.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
Found in HEAD commit: 5fcbcf42db4b6848b483f7c0d9a14f88a33779a8
Vulnerabilities
Details
CVE-2015-0254
Vulnerable Library - jstl-1.2.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
Dependency Hierarchy:
- ❌ jstl-1.2.jar (Vulnerable Library)
Found in HEAD commit: 5fcbcf42db4b6848b483f7c0d9a14f88a33779a8
Found in base branch: master
Reachability Analysis
The vulnerable code is not reachable.
Vulnerability Details
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
Publish Date: 2015-03-09
URL: CVE-2015-0254
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://tomcat.apache.org/taglibs/standard/
Release Date: 2015-03-09
Fix Resolution: org.apache.taglibs:taglibs-standard-impl:1.2.3
⛑️ Automatic Remediation is available for this issue
⛑️ Automatic Remediation is available for this issue.
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
Found in HEAD commit: 5fcbcf42db4b6848b483f7c0d9a14f88a33779a8
Vulnerabilities
Details
Vulnerable Library - jstl-1.2.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
Dependency Hierarchy:
Found in HEAD commit: 5fcbcf42db4b6848b483f7c0d9a14f88a33779a8
Found in base branch: master
Reachability Analysis
The vulnerable code is not reachable.
Vulnerability Details
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
Publish Date: 2015-03-09
URL: CVE-2015-0254
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://tomcat.apache.org/taglibs/standard/
Release Date: 2015-03-09
Fix Resolution: org.apache.taglibs:taglibs-standard-impl:1.2.3
⛑️ Automatic Remediation is available for this issue
⛑️ Automatic Remediation is available for this issue.