oss-sec mailing list archives
Re: CVE request: Remote code execution via XSL extensions in SpagoBI
From: cve-assign () mitre org
Date: Thu, 2 Oct 2014 13:08:30 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://www.spagoworld.org/jira/browse/SPAGOBI-1885 1) FEATURE_SECURE_PROCESSING is not set. This means an attacker can provide an XSL document with embedded Java code, which will be executed on the server.
Use CVE-2014-7296. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJULYYgAAoJEKllVAevmvmsMRYH/2icsp5j32o0DkGbe1veePbE 5nN/OXV6xjXXjaiP9wi7zDO5f73cp68j9VBHv5EmNprMQIPdYR0h9FEjcC4bkORc QP01QFEZ0J8Gnkf8MxqyhlUfdVtb3xlEZEf3rfQHF5kWa+MulwJNkvILEiwDAMtQ T8gg+/2DcXD6pPWVHv5p5PgxfEGIjlB35Un0ZNHgkdgHCTE+pFpUSfxMd4XkPab3 r4WWWXcwtcA5QsXq/038DL1LpP2ddRDBGumka9e5K9d+/7hvf175Jw7k3YrjPWI4 bUKZgVvFuQq5yodc+NhgdoUITeUJKLEN3567e8JgF7yDaJjKGYZZHt51Xjo34wI= =jKBL -----END PGP SIGNATURE-----
Current thread:
- CVE request: Remote code execution via XSL extensions in SpagoBI David Jorm (Oct 01)
- Re: CVE request: Remote code execution via XSL extensions in SpagoBI Kurt Seifried (Oct 01)
- Re: CVE request: Remote code execution via XSL extensions in SpagoBI cve-assign (Oct 02)