CVE-2014-0107
Access Restriction Bypass vulnerability in xalan (Maven)
What is CVE-2014-0107 About?
This vulnerability exists in Apache Xalan-Java's TransformerFactory, which does not properly restrict access to specific properties even when security features are enabled. Attackers can leverage crafted properties to load arbitrary classes or access external resources. This flaw is a significant security bypass that can be exploited by providing malicious XSLT input.
Affected Software
Technical Details
The TransformerFactory in Apache Xalan-Java versions prior to 2.7.2 fails to adequately restrict access to particular properties, such as 'xalan:content-header', 'xalan:entities', 'xslt:content-header', 'xslt:entities', or Java properties bound to the XSLT 1.0 system-property function, even when FEATURE_SECURE_PROCESSING is enabled. This oversight allows a remote attacker, by providing a specially crafted XSLT stylesheet, to manipulate these properties. By doing so, the attacker can force the TransformerFactory to load arbitrary classes from external sources or access local files, thereby bypassing the intended security restrictions designed to prevent such actions in a secure processing environment.
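As an added example (not code from this advisory or from the Xalan project), the Python below pre-screens a submitted stylesheet for the output properties and the system-property function named above, so that such input can be rejected or reviewed before it reaches a transformer. The function name, the finding labels, the sample stylesheets and the two Xalan namespace URIs are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
# Assumption: the URIs conventionally bound to the xalan: and xslt: prefixes.
XALAN_NS = {"http://xml.apache.org/xalan", "http://xml.apache.org/xslt"}
# The three system properties XSLT 1.0 itself defines (assumes the usual xsl: prefix).
STANDARD_PROPS = {"xsl:version", "xsl:vendor", "xsl:vendor-url"}
SYSPROP = re.compile(r"""system-property\s*\(\s*(?:(['"])(.*?)\1)?""")

def screen_stylesheet(text):
    """Return sorted findings for one stylesheet passed as a string."""
    if "<!DOCTYPE" in text:
        return ["doctype-present"]  # refuse DTDs so the screen never expands entities
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["not-well-formed"]
    findings = set()
    for elem in root.iter():
        for name, value in elem.attrib.items():
            # ElementTree spells namespaced names as "{uri}local".
            ns, _, local = name[1:].partition("}") if name[0] == "{" else ("", "", name)
            if elem.tag == "{%s}output" % XSL_NS and ns in XALAN_NS:
                findings.add("output-property:" + local)
            for m in SYSPROP.finditer(value):
                arg = m.group(2) if m.group(1) else "<dynamic>"
                if arg not in STANDARD_PROPS:
                    findings.add("system-property:" + arg)
    return sorted(findings)

# Constructed samples; the prefix "x" shows why matching is done on the namespace URI.
SAMPLE_FLAGGED = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:x="http://xml.apache.org/xalan">
  <xsl:output method="xml" x:entities="constructed-placeholder"/>
  <xsl:template match="/">
    <out><xsl:value-of select="system-property('example.property')"/></out>
  </xsl:template>
</xsl:stylesheet>"""

SAMPLE_CLEAN = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="xml" indent="yes"/>
  <xsl:template match="/"><v><xsl:value-of select="system-property('xsl:version')"/></v></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    print(screen_stylesheet(SAMPLE_FLAGGED))
    print(screen_stylesheet(SAMPLE_CLEAN))
```

Findings are triage signals for stylesheets from untrusted sources; the fix this page lists remains upgrading xalan:xalan to 2.7.2.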
What is the Impact of CVE-2014-0107?
Successful exploitation may allow attackers to execute arbitrary code, access sensitive files, or compromise system integrity.
What is the Exploitability of CVE-2014-0107?
Exploitation of this vulnerability involves crafting a malicious XSLT stylesheet. The complexity is moderate, requiring knowledge of XSLT and the specific properties that can be manipulated. No authentication or special privileges are needed if an attacker can provide the XSLT input to an application using the vulnerable TransformerFactory. This is typically a remote attack scenario, where an attacker sends a crafted XML/XSLT document. The key constraint is the ability to submit arbitrary XSLT content to a system processing it with Xalan-Java, making it highly dependent on the application's input validation. The likelihood of exploitation increases if an application widely accepts XSLT input without strong sanitization.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2014-0107?
Available Upgrade Options
- xalan:xalan
  - <2.7.2 → Upgrade to 2.7.2
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2014-0107
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://www.ibm.com/support/docview.wss?uid=swg21677967
- http://rhn.redhat.com/errata/RHSA-2014-1351.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21680703
- https://osv.dev/vulnerability/GHSA-rc2w-r4jq-7pfx
- http://www-01.ibm.com/support/docview.wss?uid=swg21681933
- http://www.debian.org/security/2014/dsa-2886
- http://rhn.redhat.com/errata/RHSA-2015-1888.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
What are Similar Vulnerabilities to CVE-2014-0107?
Similar Vulnerabilities: CVE-2017-1000164, CVE-2017-1000165, CVE-2017-1000166, CVE-2017-1000139, CVE-2017-1000140
