Date: Thu,  2 Oct 2014 13:08:30 -0400 (EDT)
From: cve-assign@...re.org
To: djorm@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Remote code execution via XSL extensions in SpagoBI

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://www.spagoworld.org/jira/browse/SPAGOBI-1885
> 1) FEATURE_SECURE_PROCESSING is not set. This means an attacker can
> provide an XSL document with embedded Java code, which will be executed
> on the server.

Use CVE-2014-7296.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
