漏洞信息详情
Apache Xalan 输入验证错误漏洞
- CNNVD编号:CNNVD-202207-1617
- 危害等级: 超危
- CVE编号: CVE-2022-34169
- 漏洞类型: 输入验证错误
- 发布时间: 2022-07-19
- 威胁类型: 远程
- 更新时间: 2022-08-05
- 厂 商:
- 漏洞来源:
漏洞简介
Apache Xalan是美国阿帕奇(Apache)基金会的开源软件库。
Apache Xalan Java XSLT库存在输入验证错误漏洞,该漏洞源于在处理恶意的XSLT样式表时,存在整数截断问题。这可以用来破坏由内部XSLTC编译器生成的Java类文件并执行任意的Java字节码。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
参考网址
来源:DEBIAN
链接:https://www.debian.org/security/2022/dsa-5188
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20220729-0009/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujul2022.HTML
来源:MISC
链接:https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/19/5
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/19/6
来源:DEBIAN
链接:https://www.debian.org/security/2022/dsa-5192
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/20/2
来源:MISC
链接:https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/20/3
来源:cxsecurity.com
链接:https://cxsecurity.com/cveshow/CVE-2022-34169/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072630
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072143
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072550
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Apache-Xalan-Java-code-execution-via-XSLT-Stylesheets-38849
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072046
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2022-34169
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167952/Red-Hat-Security-Advisory-2022-5730-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167843/Red-Hat-Security-Advisory-2022-5681-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3684
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3598
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072404
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3753
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3830
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167869/Red-Hat-Security-Advisory-2022-5754-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3645
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072735
受影响实体
暂无
补丁
- Apache Xalan 输入验证错误漏洞的修复措施
评论