漏洞信息详情
Apache Xalan 输入验证错误漏洞
- CNNVD编号:CNNVD-202207-1617
- 危害等级: 高危
- CVE编号: CVE-2022-34169
- 漏洞类型: 输入验证错误
- 发布时间: 2022-07-19
- 威胁类型:
- 更新时间: 2022-07-28
- 厂 商:
- 漏洞来源:
漏洞简介
Apache Xalan是美国阿帕奇(Apache)基金会的开源软件库。
Apache Xalan Java XSLT库存在输入验证错误漏洞,该漏洞源于在处理恶意的XSLT样式表时,存在整数截断问题。这可以用来破坏由内部XSLTC编译器生成的Java类文件并执行任意的Java字节码。Apache Xalan Java项目已处于休眠状态并正在退出。预计将来不会有解决这个问题的Apache Xalan Java版本。注意:Java 运行时(例如 OpenJDK)包括重新打包的 Xalan 副本。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
参考网址
来源:DEBIAN
链接:https://www.debian.org/security/2022/dsa-5188
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujul2022.HTML
来源:MISC
链接:https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/19/5
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/19/6
来源:DEBIAN
链接:https://www.debian.org/security/2022/dsa-5192
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/20/2
来源:MISC
链接:https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/20/3
来源:cxsecurity.com
链接:https://cxsecurity.com/cveshow/CVE-2022-34169/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072630
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072143
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072550
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Apache-Xalan-Java-code-execution-via-XSLT-Stylesheets-38849
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072046
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2022-34169
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167843/Red-Hat-Security-Advisory-2022-5681-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3684
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3598
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072404
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3645
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072735
受影响实体
暂无
补丁
- Apache Xalan 输入验证错误漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论