Описание
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_identity_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_identity_server:6.2:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00895
Низкий
7.5 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
EPSS
Процентиль: 75%
0.00895
Низкий
7.5 High
CVSS2
Дефекты
CWE-20