Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
BID:29988
Info
Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
| Bugtraq ID: | 29988 |
| Class: | Unknown |
| CVE: |
CVE-2008-2945 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 27 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Brad Hill of iSEC Partners |
| Vulnerable: |
Sun Java System Identity Manager 6.2 Solaris x86 Sun Java System Identity Manager 6.2 Solaris Sun Java System Access Manager 7.1 Windows Sun Java System Access Manager 7.1 Solaris x86 Sun Java System Access Manager 7.1 Solaris SPARC Sun Java System Access Manager 7.1 Linux Sun Java System Access Manager 7.0 2005Q4 Windows Sun Java System Access Manager 7.0 2005Q4 Solaris x Sun Java System Access Manager 7.0 2005Q4 Solaris S Sun Java System Access Manager 7.0 2005Q4 Linux Sun Java System Access Manager 6.2 2004Q2 Solaris x Sun Java System Access Manager 6.2 2004Q2 Solaris S Sun Java System Access Manager 6.2 Sun Java System Access Manager 6 2005Q1 Solaris x86 Sun Java System Access Manager 6 2005Q1 Solaris SPA Sun Java System Access Manager 6 2005Q1 Linux |
| Not Vulnerable: | |
Discussion
Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
Sun Java System Access Manager is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the Access Manager application.
Sun Java System Access Manager is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the Access Manager application.
Exploit / POC
Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
Solution:
The vendor has released patches and an advisory. Please see the references for more information.
Solution:
The vendor has released patches and an advisory. Please see the references for more information.
References
Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
References:
References: