Code Execution Vulnerability in Sun Java System Access Manager and Identity Server
CVE-2008-2945

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Server; Java System Access Manager
Vendor: CVE Published:; 30 June 2008

Summary

Certain versions of Sun Java System Access Manager and Identity Server have a flaw in the processing of XSLT stylesheets during XML signature verification. This weakness can be exploited by attackers who craft a malicious stylesheet, potentially leading to unauthorized execution of arbitrary code in a vulnerable environment.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

https://exchange.xforce.ibmcloud.com/vulnerabilities/43429

vdb-entryx_refsource_XF

http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 30, 2008
Vulnerability Reserved
Jun 30, 2008