Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-2945
Last Modified: 07 Mar 2011 10:09:59
Published: 30 Jun 2008 06:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2945

Summary

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

Vulnerable Systems

Application

  • Sun Java System Access Manager 6.3

  • Sun Java System Access Manager 7.0

  • Sun Java System Access Manager 7.1

  • Sun Java System Identity Server 6.1

  • Sun Java System Identity Server 6.2


References

XF - sun-jsam-xslt-code-execution(43429)

VUPEN - ADV-2008-1967

SECTRACK - 1020380

BID - 29988

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm

SUNALERT - 201538

SECUNIA - 30893


Last Updated: 27 May 2016 10:48:02