CVE-2008-2945

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_identity_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_identity_server:6.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:48

Type Values Removed Values Added
References () http://secunia.com/advisories/30893 - () http://secunia.com/advisories/30893 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 -
References () http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm - () http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm -
References () http://www.securityfocus.com/bid/29988 - () http://www.securityfocus.com/bid/29988 -
References () http://www.securitytracker.com/id?1020380 - () http://www.securitytracker.com/id?1020380 -
References () http://www.vupen.com/english/advisories/2008/1967/references - () http://www.vupen.com/english/advisories/2008/1967/references -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 -

Information

Published : 2008-06-30 22:41

Updated : 2024-11-21 00:48


NVD link : CVE-2008-2945

Mitre link : CVE-2008-2945

CVE.ORG link : CVE-2008-2945


JSON object : View

Products Affected

sun

  • java_system_access_manager
  • java_system_identity_server
CWE
CWE-20

Improper Input Validation