xalan-j

2014-04-17

Page content

Author: kikadf
Vulnerable: 2.7.1-2
Unaffected: 2.7.1-3arcturus1

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.

CVEs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107