Code Execution Vulnerability in Sun Java System Access Manager and Identity Server
CVE-2008-2945

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
30 June 2008

Summary

Certain versions of Sun Java System Access Manager and Identity Server have a flaw in the processing of XSLT stylesheets during XML signature verification. This weakness can be exploited by attackers who craft a malicious stylesheet, potentially leading to unauthorized execution of arbitrary code in a vulnerable environment.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.