PT-2007-4962 · Sun+1 · Sun Jdk+2

Published: 2007-07-11 · Updated: 2018-10-15 · CVE-2007-3716

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Sun JDK and JRE 6 versions prior to Update 2

Description: The Java XML Digital Signature implementation does not properly process XSLT stylesheets in XSLT transforms in XML signatures. This allows context-dependent attackers to execute arbitrary code via a crafted stylesheet.

Recommendations: For Sun JDK and JRE 6 versions prior to Update 2, update to a version that includes the necessary security patches to resolve the issue. As a temporary workaround, consider restricting the use of XSLT stylesheets in XML signatures to minimize the risk of exploitation.
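
One way to apply the workaround is to inspect a signed document before it is handed to signature validation and refuse it if it declares a transform you do not expect. The sketch below is an added example, not code from Sun or from this advisory; the class name `TransformGate` and the allowlist policy are assumptions, it generalizes "no XSLT" to "only allowlisted transforms", and it needs Java 7 or later for `StandardCharsets`.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class TransformGate {
    // Assumed policy: only these transforms are accepted; XSLT (Transform.XSLT) is not.
    static final Set<String> ALLOWED = new HashSet<String>(Arrays.asList(
            Transform.ENVELOPED, CanonicalizationMethod.EXCLUSIVE, CanonicalizationMethod.INCLUSIVE));

    // Returns the Algorithm URI of every ds:Transform that is outside the allowlist.
    static List<String> rejectedTransforms(Document doc) {
        List<String> rejected = new ArrayList<String>();
        NodeList nodes = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Transform");
        for (int i = 0; i < nodes.getLength(); i++) {
            String alg = ((Element) nodes.item(i)).getAttribute("Algorithm");
            if (!ALLOWED.contains(alg)) rejected.add(alg);
        }
        return rejected;
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for getElementsByTagNameNS
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f.newDocumentBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a signature fragment whose Reference declares an XSLT transform.
        String xml = "<Signature xmlns='" + XMLSignature.XMLNS + "'><SignedInfo><Reference URI=''>"
                + "<Transforms><Transform Algorithm='" + Transform.ENVELOPED + "'/>"
                + "<Transform Algorithm='" + Transform.XSLT + "'/></Transforms>"
                + "</Reference></SignedInfo></Signature>";
        List<String> bad = rejectedTransforms(parse(xml));
        if (!bad.isEmpty()) System.out.println("Refusing to validate; disallowed transforms: " + bad);
    }
}
```

Because the scan covers every `ds:Transform` in the document, it also catches transforms declared under `KeyInfo`, not only those in `SignedInfo` references.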

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2007-3716

Affected products

Java Platform
Sun Jdk
Sun Jre