JVNDB-2015-001716

JVNDB-2015-001716
Apache Standard Taglibs �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽC�ｽﾓのコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾆ弱性
�ｽT�ｽv
Apache Standard Taglibs �ｽﾉは、�ｽC�ｽﾓのコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽA�ｽﾜゑｿｽ�ｽ�ｽ XML �ｽO�ｽ�ｽ�ｽG�ｽ�ｽ�ｽe�ｽB�ｽe�ｽB (XXE) �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾆ弱性�ｽ�ｽ�ｽ�ｽ�ｽﾝゑｿｽ�ｽﾜゑｿｽ�ｽB �ｽ竭ｫ�ｽ�ｽ�ｽ : CWE �ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽﾍ、CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (XML �ｽO�ｽ�ｽ�ｽG�ｽ�ｽ�ｽe�ｽB�ｽe�ｽB�ｽQ�ｽﾆの不�ｽK�ｽﾘな撰ｿｽ�ｽ�ｽ) �ｽﾆ趣ｿｽ�ｽﾊゑｿｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB http://cwe.mitre.org/data/definitions/611.html
CVSS �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx (CVSS �ｽﾆゑｿｽ?)
CVSS v2 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 7.5 (�ｽ�ｯ) [NVD�ｽl] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽO�ｽﾌ認�ｽﾘ要�ｽ�ｽ: �ｽs�ｽv �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽ�ｽ�ｽ�ｽ�ｽI �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽ�ｽ�ｽ�ｽ�ｽI �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽ�ｽ�ｽ�ｽ�ｽI
�ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ

Apache Software Foundation Apache Standard Taglibs 1.2.3 �ｽ�ｽ�ｽ�ｽ �ｽ�ｽ�ｽ�ｽ Cosminexus Component Container uCosminexus Application Server uCosminexus Application Server (64) uCosminexus Application Server -R uCosminexus Developer uCosminexus Primary Server Base uCosminexus Primary Server Base(64) uCosminexus Service Architect uCosminexus Service Platform uCosminexus Service Platform (64)
�ｽ{�ｽﾆ弱性�ｽﾌ影�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽi�ｽﾌ詳細につゑｿｽ�ｽﾄは、�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ HS16-016 �ｽ�ｽ�ｽ�ｽ�ｽm�ｽF�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ
�ｽ�ｽO�ｽﾒにゑｿｽ�ｽAJSTL XML �ｽ^�ｽO�ｽﾌ巧�ｽ�ｽ�ｽﾉ細工�ｽ�ｽ�ｽ黷ｽ XSLT �ｽG�ｽN�ｽX�ｽe�ｽ�ｽ�ｽV�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ薰ｵ�ｽﾄ、�ｽC�ｽﾓのコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽA�ｽﾜゑｿｽ�ｽ�ｽ XML �ｽO�ｽ�ｽ�ｽG�ｽ�ｽ�ｽe�ｽB�ｽe�ｽB (XXE) �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾂ能�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾜゑｿｽ�ｽB
�ｽﾎ搾ｿｽ
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ關ｳ�ｽ�ｽ�ｽﾈ対策が鯉ｿｽ�ｽJ�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ�ｽ�ｽQ�ｽﾆゑｿｽ�ｽﾄ適�ｽﾘな対搾ｿｽ�ｽ�ｽ�ｽ�ｽ{�ｽ�ｽ�ｽﾄゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ
Apache Software Foundation Mailing list archives : [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags �ｽ�ｽ�ｽ�ｽ Hitachi Software Vulnerability Information : HS16-016 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : HS16-016
CWE�ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽ齬� CWE�ｽﾆゑｿｽ?
�ｽ�ｽ�ｽﾌ托ｿｽ(CWE-Other) [NVD�ｽ]�ｽ�ｽ]
�ｽ�ｽ�ｽﾊ脆弱性�ｽ�ｽ�ｽﾊ子(CVE) CVE�ｽﾆゑｿｽ?
CVE-2015-0254
�ｽQ�ｽl�ｽ�ｽ�ｽ
National Vulnerability Database (NVD) : CVE-2015-0254
�ｽX�ｽV�ｽ�ｽ�ｽ�ｽ
[2015�ｽN03�ｽ�ｽ11�ｽ�ｽ] �ｽf�ｽ�ｽ [2016�ｽN06�ｽ�ｽ01�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (HS16-016) �ｽ�ｽﾇ会ｿｽ


�ｽ�ｽ�ｽ\�ｽ�ｽ	2015/02/27
�ｽo�ｽ^�ｽ�ｽ	2015/03/11
�ｽﾅ終�ｽX�ｽV�ｽ�ｽ	2016/06/01

Apache Standard Taglibs �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽC�ｽﾓのコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾆ弱性