
The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102992 Security Vulnerability in Processing XSLT Stylesheets Affects Sun Java System Application Server and Web Server

Guest Author
Product: Sun Java System Application Server Standard Edition 8.2, Sun Java System Application Server Enterprise Edition 8.2, Sun Java System Application Server Platform Edition 9.0 Update 1, Sun Java System Application Server PE 9, Sun Java System Web Server 7.0

Certain releases of Sun Java System Application Server and Sun Java System Web Server (listed in "Contributing Factors") do not securely process XSLT stylesheets contained in XSLT Transforms in XML Signatures. This could allow malicious XSLT stylesheets to be executed, which may, for example, allow execution of an arbitrary Java method.

Sun acknowledges, with thanks, Brad Hill of iSEC Partners, for bringing this issue to our attention.

Avoidance: Patch
State: Resolved
First released: 10-Jul-2007
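
The description above concerns XSLT Transforms carried inside XML Signatures. As an added example (not part of the Sun Alert or of any Sun product), the following Python screen reports signed documents that declare an XSLT transform or embed XSLT elements inside a `ds:Signature`, so they can be rejected or logged before signature validation runs. The function name, exception name and sample documents are constructed for illustration; the namespace and algorithm URIs are those of the XML Signature and XSLT specifications.

```python
import xml.parsers.expat as expat

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
XSLT_TRANSFORM = "http://www.w3.org/TR/1999/REC-xslt-19991116"  # XSLT transform URI in XML-DSig
XSL_NS = "http://www.w3.org/1999/XSL/Transform"

class UnsafeDocument(Exception):
    """Raised when the input carries a DOCTYPE, which this screen refuses to process."""

def find_xslt_in_signatures(xml_bytes):
    """Return one finding per XSLT construct found inside a ds:Signature element."""
    findings, stack = [], []  # stack holds (namespace, local name) of open elements

    def start(name, attrs):
        ns, _, local = name.rpartition(" ")  # expat reports names as "namespace local"
        stack.append((ns, local))
        if (DSIG_NS, "Signature") not in stack:
            return  # only content inside a signature is of interest
        if (ns, local) == (DSIG_NS, "Transform") and attrs.get("Algorithm") == XSLT_TRANSFORM:
            findings.append("ds:Transform declares the XSLT algorithm")
        elif ns == XSL_NS:
            findings.append("embedded xsl:%s element" % local)

    def end(name):
        stack.pop()

    def doctype(*args):
        # Refuse DTDs so the screen itself is not exposed to entity expansion.
        raise UnsafeDocument("DOCTYPE not allowed in signed input")

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    parser.Parse(xml_bytes, True)
    return findings

# Constructed sample: a Reference whose transform chain includes an (empty) XSLT stylesheet.
SAMPLE_XSLT = b"""<doc><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:Reference URI=""><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"/>
</ds:Transform></ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature></doc>"""
# Constructed sample: the same structure using only the enveloped-signature transform.
SAMPLE_CLEAN = SAMPLE_XSLT.replace(b"http://www.w3.org/TR/1999/REC-xslt-19991116",
    b"http://www.w3.org/2000/09/xmldsig#enveloped-signature").replace(
    b'<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"/>', b"")

if __name__ == "__main__":
    for label, doc in (("xslt", SAMPLE_XSLT), ("clean", SAMPLE_CLEAN)):
        print(label, find_xslt_in_signatures(doc) or "no XSLT transforms")
```

A screen like this complements the patch listed under "Avoidance" and does not replace it.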
