PT-2008-4382 · Sun · Sun Java System Access Manager+1

Published

2008-06-30

Updated

2017-08-08

CVE-2008-2945

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-2945

Affected Products

Sun Java System Access Manager

Java System Identity Server

PT-2008-4382 · Sun · Sun Java System Access Manager+1

CVE-2008-2945

Weakness Enumeration

Related Identifiers

Affected Products

References · 8