CVE-2008-2945
Summary
| CVE | CVE-2008-2945 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-06-30 22:41:00 UTC |
| Updated | 2017-08-08 01:31:00 UTC |
| Description | Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sun | Java System Access Manager | 6.3 | All | All | All |
| Application | Sun | Java System Access Manager | 7.0 | All | All | All |
| Application | Sun | Java System Access Manager | 7.1 | All | All | All |
| Application | Sun | Java System Identity Server | 6.1 | All | All | All |
| Application | Sun | Java System Identity Server | 6.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability | BID | www.securityfocus.com | |
| 201538 | SUNALERT | sunsolve.sun.com | |
| ASA-2008-294 (SUN 201538) | CONFIRM | support.avaya.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Sun Java System Access Manager XSLT Stylesheet Processing Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| Sun Java System Access Manager XML Signature Processing Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.