Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/30893 - | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 - | |
References | () http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm - | |
References | () http://www.securityfocus.com/bid/29988 - | |
References | () http://www.securitytracker.com/id?1020380 - | |
References | () http://www.vupen.com/english/advisories/2008/1967/references - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 - |
Information
Published : 2008-06-30 22:41
Updated : 2024-11-21 00:48
NVD link : CVE-2008-2945
Mitre link : CVE-2008-2945
CVE.ORG link : CVE-2008-2945
JSON object : View
Products Affected
sun
- java_system_access_manager
- java_system_identity_server
CWE
CWE-20
Improper Input Validation