CVE-2014-0107: Improper Authorization in Apache Xalan-Java
CVSS Score: 7.5
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.89942%
CWE
Published: 5/13/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| xalan:xalan | maven | < 2.7.2 | 2.7.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerable functions are identified by analyzing the patch for CVE-2014-0107. The patch modifies the TransformerFactoryImpl class to properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. The getAttribute and setAttribute methods are the primary functions that are modified to address the vulnerability.