| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServerPages (JSP) technologies.It was found that, in certain circumstances, it was possible for amalicious web application to replace the XML parsers used by Apache Tomcatto process XSLTs for the default servlet, JSP documents, tag librarydescriptors (TLDs), and tag plug-in configuration files. The injected XMLparser(s) could then bypass the limits imposed on XML external entitiesand/or gain access to the XML files processed for other web applicationsdeployed on the same Apache Tomcat instance. (CVE-2014-0119)All Tomcat users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. Tomcat must be restartedfor this update to take effect. |