IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects Liberty for Java for IBM Bluemix (CVE-2015-0254)

There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server.

CVE(s): CVE-2015-0254

Affected product(s) and affected version(s):

This vulnerability affects all versions of Liberty for Java in IBM Bluemix up to and including v2.9.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28RLLdK
X-Force Database: http://ift.tt/1syxSqm



from IBM Product Security Incident Response Team http://ift.tt/28RLqb1