SID 1:51184

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Xalan-Java secure processing bypass attempt

Rule Explanation

This event is generated when a potentially malicious XSL document targeting Xalan-Java is detected. Impact: Attempted Administrator Privilege Gain Details: A deficiency exists within Xalan Java < 2.7.2 which could allow bypassing security features. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

Known false positives, with the described conditions

A false positive may occur if Xalan Java is not running in secure processing mode.

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2014-0107

Additional Links

ocert.org/advisories/ocert-2014-002.html

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2014-0107
 Loading description