CVE-2007-3715

critical

Description

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35335

http://www.vupen.com/english/advisories/2007/2785

http://www.vupen.com/english/advisories/2007/2493

http://www.securityfocus.com/bid/24850

http://www.securityfocus.com/archive/1/473553/100/0/threaded

http://www.securityfocus.com/archive/1/473552/100/0/threaded

http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf

http://www.isecpartners.com/advisories/2007-04-dsig.txt

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1

http://secunia.com/advisories/26023

http://osvdb.org/37248

Details

Source: Mitre, NVD

Published: 2007-07-11

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical