9.3

CVE-2007-3716

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJdk Updateupdate_1 Version <= 6
SunJre Updateupdate_1 Version <= 6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.55% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://dev2dev.bea.com/pub/advisory/248
http://secunia.com/advisories/26631
Vendor Advisory
http://secunia.com/advisories/26933
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
http://www.vupen.com/english/advisories/2007/3009
Vendor Advisory
http://www.isecpartners.com/advisories/2007-04-dsig.txt
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
http://www.securityfocus.com/archive/1/473552/100/0/threaded
http://www.securityfocus.com/archive/1/473553/100/0/threaded
http://osvdb.org/36664
http://secunia.com/advisories/26031
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1
Patch
http://www.securitytracker.com/id?1018365
http://www.vupen.com/english/advisories/2007/2492
Vendor Advisory