7.5

CVSS Score

Basic Information

CVE ID

CVE-2015-0254

GHSA ID

GHSA-6x4w-8w53-xrvv

EPSS Score

0.92281%

CWE

CWE-611

Published

9/14/2020

Updated

2/1/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2015-0254

CVE-2015-0254: XXE in Apache Standard Taglibs

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

(GitHub Advisory)

7.5

CVSS Score

Basic Information

CVE ID

CVE-2015-0254

GHSA ID

GHSA-6x4w-8w53-xrvv

EPSS Score

0.92281%

CWE

CWE-611

Published

9/14/2020

Updated

2/1/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.taglibs:taglibs-standard	maven	< 1.2.3	1.2.3
org.apache.taglibs:taglibs-standard-impl	maven	< 1.2.3	1.2.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*p**** St*n**r* T**li*s ***or* *.*.* *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry *o** or *on*u*t *xt*rn*l XML *ntity (XX*) *tt**ks vi* * *r**t** XSLT *xt*nsion in * (*) <x:p*rs*> or (*) <x:tr*ns*orm> JSTL XML t**.

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2015-0254: XXE in Apache Standard Taglibs

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI