Vulnerability Description
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Application Server | 8.2 |
| Sun | Java System Web Server | 7.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/37248
- http://secunia.com/advisories/26023Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1PatchVendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1Vendor Advisory
- http://www.isecpartners.com/advisories/2007-04-dsig.txt
- http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
- http://www.securityfocus.com/archive/1/473552/100/0/threaded
- http://www.securityfocus.com/archive/1/473553/100/0/threaded
- http://www.securityfocus.com/bid/24850Patch
- http://www.vupen.com/english/advisories/2007/2493Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2785Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35335
- http://osvdb.org/37248
- http://secunia.com/advisories/26023Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1PatchVendor Advisory
FAQ
What is CVE-2007-3715?
CVE-2007-3715 is a vulnerability with a CVSS score of 9.3 (HIGH). Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attacker...
How severe is CVE-2007-3715?
CVE-2007-3715 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3715?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Application Server, Sun Java System Web Server.