Arbitrary Code Execution Vulnerability in Sun Java System Portal Server 7.0
CVE-2007-4289
Currently unrated
What is CVE-2007-4289?
A vulnerability in Sun Java System Portal Server 7.0 stems from improper processing of XSLT stylesheets during XML signature transformations. Context-dependent attackers can exploit this flaw to execute arbitrary Java methods by delivering specially crafted XSLT stylesheets. The issue is related to insufficient validation mechanisms within the server, leading to security weaknesses that can be further exploited.
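As an added illustration (not code from Sun or from this advisory), the following check flags XML signatures that declare or embed an XSLT transform, so such documents can be rejected or reviewed before a signature processor runs the stylesheet. The function name, the finding fields and both sample documents are constructed for this example; the Algorithm URIs are those defined by the W3C XML-Signature specification.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
XSL = "{http://www.w3.org/1999/XSL/Transform}"
# XSLT transform identifier defined by the W3C XML-Signature specification.
XSLT_ALG = "http://www.w3.org/TR/1999/REC-xslt-19991116"

def find_xslt_transforms(xml_text):
    """Return one finding per ds:Transform that declares or embeds XSLT."""
    findings = []
    root = ET.fromstring(xml_text)
    for sig in root.iter(DSIG + "Signature"):
        for transform in sig.iter(DSIG + "Transform"):
            alg = transform.get("Algorithm", "")
            # Also catch a stylesheet embedded under a mislabelled Algorithm.
            embedded = any(el.tag.startswith(XSL) for el in transform.iter())
            if alg == XSLT_ALG or embedded:
                findings.append({"signature_id": sig.get("Id"),
                                 "algorithm": alg,
                                 "embedded_stylesheet": embedded})
    return findings

# Constructed sample: a signature whose Reference carries an XSLT transform
# with a harmless copy-through stylesheet.
SAMPLE_WITH_XSLT = """<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature Id="sig-1"><ds:SignedInfo><ds:Reference URI="">
  <ds:Transforms>
   <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
    <xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
     <xsl:template match="/"><xsl:copy-of select="."/></xsl:template>
    </xsl:stylesheet>
   </ds:Transform>
  </ds:Transforms>
 </ds:Reference></ds:SignedInfo></ds:Signature>
</doc>"""

# Constructed sample: only the enveloped-signature transform, no XSLT.
SAMPLE_CLEAN = """<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature Id="sig-2"><ds:SignedInfo><ds:Reference URI="">
  <ds:Transforms>
   <ds:Transform
     Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  </ds:Transforms>
 </ds:Reference></ds:SignedInfo></ds:Signature>
</doc>"""

if __name__ == "__main__":
    for name, doc in (("with_xslt", SAMPLE_WITH_XSLT), ("clean", SAMPLE_CLEAN)):
        print(name, find_xslt_transforms(doc))
```

The check only inspects the document structure; it never applies the transform, so the stylesheet is not executed during screening.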