CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-0249

HIGH
7.2
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile28.12th
Published2017年7月17日
Last Modified2026年5月13日

Vulnerability Description

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).

Affected Platforms (CPE)

📦
Apache

Roller

= 5.1.0
📦
Apache

Roller

= 5.1.1

References & Advisories

🔗 http://cve.killedkenny.io/cve/CVE-2015-0249
🔗 http://www.openwall.com/lists/oss-security/2015/03/30/13
🔗 https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw%40mail.gmail.com%3E
🔗 http://cve.killedkenny.io/cve/CVE-2015-0249
🔗 http://www.openwall.com/lists/oss-security/2015/03/30/13
🔗 https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw%40mail.gmail.com%3E

相關漏洞威脅

CVE-2018-171989.8

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versio...

CVE-2014-00309.8

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspe...

CVE-2021-335807.5

User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run...

CVE-2016-71627.5

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitr...