CVE-2008-2945

Description

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

References

http://secunia.com/advisories/30893

http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1

http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm

http://www.securityfocus.com/bid/29988

http://www.securitytracker.com/id?1020380

http://www.vupen.com/english/advisories/2008/1967/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43429

Details

Source: MITRE

Published: 2008-06-30

Updated: 2017-08-08

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH