CVE-2007-3715

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Application Server; Java System Web Server
Vendor: CVE Published:; 11 July 2007

Summary

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

References

http://www.securityfocus.com/archive/1/473552/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/26023

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/473553/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jul 11, 2007
Vulnerability Reserved
Jul 11, 2007