VDB
RHSA-2014%3A0818
RHSA-2014%3A0818
PUBLISHED
CVSS 6.800000190734863 MEDIUM
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
Risk Scores
CVSS 2.0
6.800000190734863
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss BRMS 6.0 |
Timeline
- Jun 30, 2014 CVE Published
- Jan 28, 2026 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2014:0818 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions&version=6.0.2 advisory
- https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BRMS/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1080248 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1092783 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1093273 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1093276 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0818.json advisory
- https://access.redhat.com/security/cve/CVE-2014-0107 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-0107 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-0107 advisory
- http://www.ocert.org/advisories/ocert-2014-002.html advisory
- https://access.redhat.com/security/cve/CVE-2014-0193 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-0193 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-0193 advisory
- https://access.redhat.com/security/cve/CVE-2014-0363 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-0363 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-0363 advisory
- https://access.redhat.com/security/cve/CVE-2014-0364 advisory
…and 2 more