Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2014-0096

Published

9 years ago

Last Modified

5 months ago

CVSSv2.0 Severity

Medium

Impact Analysis

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.49:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.12:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.20:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.34:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.8:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.1:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.2:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.5:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.22:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.39:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.26:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.46:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.28:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.0:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.50:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.6:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.18:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.14:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.48:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.11:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.23:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.44:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.7:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.52:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.42:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.37:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.29:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.45:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.13:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.47:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.41:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.31:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.30:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.15:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.19:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.16:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.10:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.36:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.25:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.35:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.43:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.32:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.38:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.21:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.27:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.24:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.17:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.40:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.9:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.4:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.3:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:7.0.33:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:8.0.1:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:8.0.3:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.33:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.6:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.11:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat::::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.7:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.4:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.15:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.20:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.10:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.31:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.29:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.3:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.9:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.24:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.37:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.17:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.32:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.28:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.0:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.14:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.1:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.12:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.18:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.5:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.30:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.2:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.13:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.26:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.19:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.27:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.35:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.16:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.36:::::::*	Yes	-	-
cpe:2.3:a:apache:tomcat:6.0.8:::::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2014-0096

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2014-0096

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References