9.3

CVE-2007-3715

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava System Application Server Version8.2 Editionenterprise
SunJava System Application Server Version8.2 Editionenterprise_linux
SunJava System Application Server Version8.2 Editionenterprise_sparc
SunJava System Application Server Version8.2 Editionenterprise_windows
SunJava System Application Server Version8.2 Editionenterprise_x86
SunJava System Application Server Version8.2 Editionplatform
SunJava System Application Server Version8.2 Editionplatform_linux
SunJava System Application Server Version8.2 Editionplatform_sparc
SunJava System Application Server Version8.2 Editionplatform_windows
SunJava System Application Server Version8.2 Editionplatform_x86
SunJava System Application Server Version9.0 Editionplatform
SunJava System Application Server Version9.0 Editionplatform_linux
SunJava System Application Server Version9.0 Editionplatform_sparc
SunJava System Application Server Version9.0 Editionplatform_windows
SunJava System Application Server Version9.0 Editionplatform_x86
SunJava System Web Server Version7.0
SunJava System Web Server Version7.0 Editionhp_ux
SunJava System Web Server Version7.0 Editionlinux
SunJava System Web Server Version7.0 Editionsparc
SunJava System Web Server Version7.0 Editionwindows
SunJava System Web Server Version7.0 Editionx86
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.29% 0.809
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/37248
http://secunia.com/advisories/26023
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1
Vendor Advisory
http://www.isecpartners.com/advisories/2007-04-dsig.txt
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
http://www.securityfocus.com/archive/1/473552/100/0/threaded
http://www.securityfocus.com/archive/1/473553/100/0/threaded
http://www.securityfocus.com/bid/24850
Patch
http://www.vupen.com/english/advisories/2007/2493
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2785
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35335