RHSA-2016:0125
PUBLISHED
CVSS 7.6 HIGH
It was found that the Java Standard Tag Library (JSTL) allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allow arbitrary code execution.
Risk Scores
CVSS 3.0
7.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 6.4 | |
Timeline
- Feb 4, 2016 CVE Published
- Jan 28, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2016:0125 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4 advisory
- https://access.redhat.com/solutions/1584363 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1198606 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0125.json advisory
- https://access.redhat.com/security/cve/CVE-2015-0254 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-0254 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-0254 advisory