CVE-2007-3715

EPSS 1.21%
Veröffentlicht 11.07.2007 23:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sun ≫ Java System Application Server Version8.2 Editionenterprise

Sun ≫ Java System Application Server Version8.2 Editionenterprise_linux

Sun ≫ Java System Application Server Version8.2 Editionenterprise_sparc

Sun ≫ Java System Application Server Version8.2 Editionenterprise_windows

Sun ≫ Java System Application Server Version8.2 Editionenterprise_x86

Sun ≫ Java System Application Server Version8.2 Editionplatform

Sun ≫ Java System Application Server Version8.2 Editionplatform_linux

Sun ≫ Java System Application Server Version8.2 Editionplatform_sparc

Sun ≫ Java System Application Server Version8.2 Editionplatform_windows

Sun ≫ Java System Application Server Version8.2 Editionplatform_x86

Sun ≫ Java System Application Server Version9.0 Editionplatform

Sun ≫ Java System Application Server Version9.0 Editionplatform_linux

Sun ≫ Java System Application Server Version9.0 Editionplatform_sparc

Sun ≫ Java System Application Server Version9.0 Editionplatform_windows

Sun ≫ Java System Application Server Version9.0 Editionplatform_x86

Sun ≫ Java System Web Server Version7.0

Sun ≫ Java System Web Server Version7.0 Editionhp_ux

Sun ≫ Java System Web Server Version7.0 Editionlinux

Sun ≫ Java System Web Server Version7.0 Editionsparc

Sun ≫ Java System Web Server Version7.0 Editionwindows

Sun ≫ Java System Web Server Version7.0 Editionx86

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.21%	0.781

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/37248

http://secunia.com/advisories/26023

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1

Patch

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1

Vendor Advisory

http://www.isecpartners.com/advisories/2007-04-dsig.txt

http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf

http://www.securityfocus.com/archive/1/473552/100/0/threaded

http://www.securityfocus.com/archive/1/473553/100/0/threaded