CVE-2008-2945

critical

Description

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/43429

http://www.vupen.com/english/advisories/2008/1967/references

http://www.securitytracker.com/id?1020380

http://www.securityfocus.com/bid/29988

http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1

http://secunia.com/advisories/30893

Details

Source: Mitre, NVD

Published: 2008-06-30

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00895