PT-2007-4962 · Sun+1 · Sun Jdk+2
Published
2007-07-11
·
Updated
2018-10-15
·
CVE-2007-3716
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Sun JDK and JRE 6 versions prior to Update 2
Description
The Java XML Digital Signature implementation does not properly process XSLT stylesheets in XSLT transforms in XML signatures. This allows context-dependent attackers to execute arbitrary code via a crafted stylesheet.
Recommendations
For Sun JDK and JRE 6 versions prior to Update 2, update to a version that includes the necessary security patches to resolve the issue. As a temporary workaround, consider restricting the use of XSLT stylesheets in XML signatures to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Java Platform
Sun Jdk
Sun Jre