漏洞信息详情
Apache Xalan 输入验证错误漏洞
- CNNVD编号:CNNVD-202207-1617
- 危害等级: 高危
- CVE编号: CVE-2022-34169
- 漏洞类型: 输入验证错误
- 发布时间: 2022-07-19
- 威胁类型: 远程
- 更新时间: 2022-09-14
- 厂 商:
- 漏洞来源:
漏洞简介
Apache Xalan是美国阿帕奇(Apache)基金会的开源软件库。
Apache Xalan Java XSLT库存在输入验证错误漏洞,该漏洞源于在处理恶意的XSLT样式表时,存在整数截断问题。这可以用来破坏由内部XSLTC编译器生成的Java类文件并执行任意的Java字节码。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
参考网址
来源:DEBIAN
链接:https://www.debian.org/security/2022/dsa-5188
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/20/2
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/20/3
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/H4YNjsJ64NPCNKFPNBYITNZU5H3L4D6L/
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20220729-0009/
来源:MISC
链接:https://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.HTML
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujul2022.HTML
来源:MISC
链接:https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/19/5
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2022/07/19/6
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
来源:DEBIAN
链接:https://www.debian.org/security/2022/dsa-5192
来源:MISC
链接:https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072630
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/168019/Red-Hat-Security-Advisory-2022-5879-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/168327/Red-Hat-Security-Advisory-2022-6263-01.HTML
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072550
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Apache-Xalan-Java-code-execution-via-XSLT-Stylesheets-38849
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3918
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.4150
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167843/Red-Hat-Security-Advisory-2022-5681-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.4134
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3684
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3982
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072404
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167869/Red-Hat-Security-Advisory-2022-5754-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3645
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.4436
来源:cxsecurity.com
链接:https://cxsecurity.com/cveshow/CVE-2022-34169/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072143
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072046
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2022-34169
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167952/Red-Hat-Security-Advisory-2022-5730-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/168136/Red-Hat-Security-Advisory-2022-6053-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167979/Ubuntu-Security-Notice-USN-5546-2.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.4245
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3598
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3873
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3753
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.3830
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.HTML
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072735
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.4304
受影响实体
暂无
补丁
- Apache Xalan 输入验证错误漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论