7.5
CVE-2008-2945
- EPSS 2.8%
- Veröffentlicht 30.06.2008 22:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sun ≫ Java System Access Manager Version6.3
Sun ≫ Java System Access Manager Version7.0
Sun ≫ Java System Access Manager Version7.1
Sun ≫ Java System Identity Server Version6.1
Sun ≫ Java System Identity Server Version6.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.8% | 0.846 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/30893
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1
http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm
http://www.securityfocus.com/bid/29988
http://www.securitytracker.com/id?1020380
http://www.vupen.com/english/advisories/2008/1967/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43429