Code Execution Vulnerability in Sun Java System Access Manager and Identity Server
CVE-2008-2945
Currently unrated
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 30 June 2008
Summary
Certain versions of Sun Java System Access Manager and Identity Server have a flaw in the processing of XSLT stylesheets during XML signature verification. This weakness can be exploited by attackers who craft a malicious stylesheet, potentially leading to unauthorized execution of arbitrary code in a vulnerable environment.
References
Timeline
Vulnerability published
Vulnerability Reserved