Home

CVE-2014-0119

Description

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
7.063

Associated Vulnerability

VulnerabilityOS Platform
Update Tomcat to 9.5.14Windows
Update Tomcat to 9.5.5Windows
Update Tomcat to 9.5.7Windows
Update Tomcat to 9.5.8Windows
Update Tomcat to 9.6.10Windows
Update Tomcat to 9.6.3Windows
Update Tomcat to 9.6.4Windows
Update Tomcat to 9.6.7Windows
Update Tomcat to 9.6.8Windows
Update Tomcat to 2.4.5Windows
Update Tomcat to 3.0.14Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0Windows
Vulnerabilities CVE-2014-0075,CVE-2014-0099,CVE-2014-0096,CVE-2014-0119 are fixed in Apache - tomcat 6.0.40Windows
Vulnerabilities CVE-2014-0099,CVE-2014-0096,CVE-2014-0119 are fixed in Apache - tomcat 7.0.54Windows
Vulnerabilities CVE-2014-0099,CVE-2014-0096,CVE-2014-0119 are fixed in Apache - tomcat 8.0.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9Windows
Vulnerabilities CVE-2014-0096,CVE-2014-0119 are fixed in Apache-tomcat-catalina 6.0.40Windows
Vulnerabilities CVE-2014-0096,CVE-2014-0119 are fixed in Apache-tomcat-catalina 7.0.54Windows
Vulnerabilities CVE-2014-0096,CVE-2014-0119 are fixed in Apache-tomcat-catalina 8.0.6Windows
Vulnerabilities CVE-2014-0119 are fixed in Apache-tomcat-jasper 6.0.40Windows
Vulnerabilities CVE-2014-0119 are fixed in Apache-tomcat-jasper 7.0.54Windows
Vulnerabilities CVE-2014-0119 are fixed in Apache-tomcat-jasper 8.0.6Windows
Servlet and JSP engine (USN-2654-1) libtomcat7-java_7.0.56-2ubuntu0.1_all.debLinux
Update Tomcat to 9.5.14 (For Linux)Linux
Update Tomcat to 9.5.5 (For Linux)Linux
Update Tomcat to 9.5.7 (For Linux)Linux
Update Tomcat to 9.5.8 (For Linux)Linux
Update Tomcat to 9.6.10 (For Linux)Linux
Update Tomcat to 9.6.3 (For Linux)Linux
Update Tomcat to 9.6.4 (For Linux)Linux
Update Tomcat to 9.6.7 (For Linux)Linux
Update Tomcat to 9.6.8 (For Linux)Linux
Update Tomcat to 2.4.5 (For Linux)Linux
Update Tomcat to 3.0.14 (For Linux)Linux
Vulnerabilities CVE-2014-0075,CVE-2014-0099,CVE-2014-0096,CVE-2014-0119 are fixed in Apache - tomcat for Linux 6.0.40Linux
Vulnerabilities CVE-2014-0099,CVE-2014-0096,CVE-2014-0119 are fixed in Apache - tomcat for Linux 7.0.54Linux
Vulnerabilities CVE-2014-0099,CVE-2014-0096,CVE-2014-0119 are fixed in Apache - tomcat for Linux 8.0.6Linux
Vulnerabilities CVE-2014-0096,CVE-2014-0119 are fixed in Apache-tomcat-catalina for Linux 6.0.40Linux
Vulnerabilities CVE-2014-0096,CVE-2014-0119 are fixed in Apache-tomcat-catalina for Linux 7.0.54Linux
Vulnerabilities CVE-2014-0096,CVE-2014-0119 are fixed in Apache-tomcat-catalina for Linux 8.0.6Linux
Vulnerabilities CVE-2014-0119 are fixed in Apache-tomcat-jasper for Linux 6.0.40Linux
Vulnerabilities CVE-2014-0119 are fixed in Apache-tomcat-jasper for Linux 7.0.54Linux
Vulnerabilities CVE-2014-0119 are fixed in Apache-tomcat-jasper for Linux 8.0.6Linux
CVE-2014-0119NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234