ID |
CVE-2007-4289
|
Summary |
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. |
CVSS |
Base: | 6.8 (as of 10-08-2007 - 12:35) |
|
Access |
Vector | Complexity | Authentication
NETWORK | MEDIUM | NONE
|
Impact |
Confidentiality | Integrity | Availability
PARTIAL | PARTIAL | PARTIAL
|
nessus
via4
|
NASL family | Solaris Local Security Checks | NASL id | SOLARIS10_121913.NASL | description | Portal Server 7.0: Miscellaneous Fixes.
Date this patch was last updated by Sun : Jun/26/09
This plugin has been deprecated and either replaced with individual
121913 patch-revision plugins, or deemed non-security related. | last seen | 2019-01-16 | modified | 2018-07-30 | plugin id | 26982 | published | 2007-10-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=26982 | title | Solaris 10 (sparc) : 121913-20 (deprecated) |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS8_X86_121914.NASL | description | Portal Server 7.0: Miscellaneous Fixes _x86.
Date this patch was last updated by Sun : Jun/26/09 | last seen | 2018-09-01 | modified | 2014-08-30 | plugin id | 27014 | published | 2007-10-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=27014 | title | Solaris 8 (x86) : 121914-20 |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS10_X86_121914.NASL | description | Portal Server 7.0: Miscellaneous Fixes _x86.
Date this patch was last updated by Sun : Jun/26/09
This plugin has been deprecated and either replaced with individual
121914 patch-revision plugins, or deemed non-security related. | last seen | 2019-01-16 | modified | 2018-07-30 | plugin id | 26994 | published | 2007-10-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=26994 | title | Solaris 10 (x86) : 121914-20 (deprecated) |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS8_121913.NASL | description | Portal Server 7.0: Miscellaneous Fixes.
Date this patch was last updated by Sun : Jun/26/09 | last seen | 2018-09-01 | modified | 2014-08-30 | plugin id | 27053 | published | 2007-10-15 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=27053 | title | Solaris 8 (sparc) : 121913-20 |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS9_X86_121914.NASL | description | Portal Server 7.0: Miscellaneous Fixes _x86.
Date this patch was last updated by Sun : Jun/26/09 | last seen | 2018-09-02 | modified | 2014-08-30 | plugin id | 27030 | published | 2007-10-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=27030 | title | Solaris 9 (x86) : 121914-20 |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS9_121913.NASL | description | Portal Server 7.0: Miscellaneous Fixes.
Date this patch was last updated by Sun : Jun/26/09 | last seen | 2018-09-02 | modified | 2014-08-30 | plugin id | 27018 | published | 2007-10-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=27018 | title | Solaris 9 (sparc) : 121913-20 |
|
refmap
via4
|
bugtraq | 20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption | misc | | sectrack | 1018513 | secunia | 26327 | sunalert | 103015 | xf | sun-jsps-xslt-code-execution(35811) |
|
Last major update |
05-09-2008 - 17:27 |
Published |
09-08-2007 - 17:17 |
Last modified |
15-10-2018 - 17:34 |