VDB
CVE-2014-0119
CVE-2014-0119
PUBLISHED
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
EPSS 5.33% · 90.2th percentile
Risk Scores
EPSS Score
5.33%
90.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | tomcat6 | 0, 6.0.37-1, 6.0.39-1 |
| Ubuntu:14.04:LTS | tomcat7 | 0, 7.0.42-1, 7.0.50-1 |
Exploit Intelligence
- secretnonempty/CVE-2014-0224 (github-poc)
- secretnonempty/CVE-2014-0224 (github-poc)
- secretnonempty/CVE-2014-0224 (github-poc)
- secretnonempty/CVE-2014-0224 (github-poc)
- secretnonempty/CVE-2014-0224 (github-poc)
- secretnonempty/CVE-2014-0224 (github-poc)
- secretnonempty/CVE-2014-0224 (github-poc)
- ssllabs/openssl-ccs-cve-2014-0224 (github-poc)
- ssllabs/openssl-ccs-cve-2014-0224 (github-poc)
- ssllabs/openssl-ccs-cve-2014-0224 (github-poc)
…and 60 more exploits
Timeline
- May 27, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Feb 8, 2024 PoC Published
References
- https://ubuntu.com/security/CVE-2014-0119 third-party-advisory
- https://ubuntu.com/security/notices/USN-2654-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-0119 third-party-advisory