| ID |
CVE-2007-4289
|
| Summary |
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 6.8 (as of 10-08-2007 - 12:35) |
| Impact: | |
| Exploitability: | |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| nessus
via4
|
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS8_121913.NASL | | description | Portal Server 7.0: Miscellaneous Fixes.
Date this patch was last updated by Sun : Jun/26/09 | | last seen | 2018-09-01 | | modified | 2014-08-30 | | plugin id | 27053 | | published | 2007-10-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27053 | | title | Solaris 8 (sparc) : 121913-20 |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS9_121913.NASL | | description | Portal Server 7.0: Miscellaneous Fixes.
Date this patch was last updated by Sun : Jun/26/09 | | last seen | 2018-09-02 | | modified | 2014-08-30 | | plugin id | 27018 | | published | 2007-10-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27018 | | title | Solaris 9 (sparc) : 121913-20 |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS8_X86_121914.NASL | | description | Portal Server 7.0: Miscellaneous Fixes _x86.
Date this patch was last updated by Sun : Jun/26/09 | | last seen | 2018-09-01 | | modified | 2014-08-30 | | plugin id | 27014 | | published | 2007-10-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27014 | | title | Solaris 8 (x86) : 121914-20 |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS9_X86_121914.NASL | | description | Portal Server 7.0: Miscellaneous Fixes _x86.
Date this patch was last updated by Sun : Jun/26/09 | | last seen | 2018-09-02 | | modified | 2014-08-30 | | plugin id | 27030 | | published | 2007-10-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27030 | | title | Solaris 9 (x86) : 121914-20 |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS10_X86_121914.NASL | | description | Portal Server 7.0: Miscellaneous Fixes _x86.
Date this patch was last updated by Sun : Jun/26/09
This plugin has been deprecated and either replaced with individual 121914 patch-revision plugins, or deemed non-security related. | | last seen | 2019-02-21 | | modified | 2018-07-30 | | plugin id | 26994 | | published | 2007-10-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=26994 | | title | Solaris 10 (x86) : 121914-20 (deprecated) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS10_121913.NASL | | description | Portal Server 7.0: Miscellaneous Fixes.
Date this patch was last updated by Sun : Jun/26/09
This plugin has been deprecated and either replaced with individual 121913 patch-revision plugins, or deemed non-security related. | | last seen | 2019-02-21 | | modified | 2018-07-30 | | plugin id | 26982 | | published | 2007-10-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=26982 | | title | Solaris 10 (sparc) : 121913-20 (deprecated) |
|
| refmap
via4
|
| bugtraq | 20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption | | misc | | | sectrack | 1018513 | | secunia | 26327 | | sunalert | 103015 | | xf | sun-jsps-xslt-code-execution(35811) |
|
| Last major update |
05-09-2008 - 17:27 |
| Published |
09-08-2007 - 17:17 |
| Last modified |
15-10-2018 - 17:34 |
