CVE-2008-2945

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Server; Java System Access Manager
Vendor: CVE Published:; 30 June 2008

Summary

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

https://exchange.xforce.ibmcloud.com/vulnerabilities/43429

vdb-entryx_refsource_XF

http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 30, 2008
Vulnerability Reserved
Jun 30, 2008