CVE-2007-4289

Name of the Vulnerable Software and Affected Versions Sun Java System Portal Server version 7.0

Description The issue arises from improper processing of XSLT stylesheets in XSLT transforms within XML signatures, allowing context-dependent attackers to execute arbitrary Java methods via a crafted stylesheet.

Recommendations For Sun Java System Portal Server version 7.0, consider restricting the use of XSLT transforms in XML signatures until a proper fix is applied. As a temporary workaround, carefully validate and sanitize all XSLT stylesheets to prevent the execution of malicious Java methods.