ID CVE-2007-4289
Summary Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
References
Vulnerable Configurations
  • Sun Java System Portal Server 7.0
    cpe:2.3:a:sun:java_system_portal_server:7.0
CVSS
Base: 6.8 (as of 10-08-2007 - 12:35)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_121913.NASL
    description Portal Server 7.0: Miscellaneous Fixes. Date this patch was last updated by Sun : Jun/26/09
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 27053
    published 2007-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27053
    title Solaris 8 (sparc) : 121913-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_121913.NASL
    description Portal Server 7.0: Miscellaneous Fixes. Date this patch was last updated by Sun : Jun/26/09
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 27018
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27018
    title Solaris 9 (sparc) : 121913-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_121914.NASL
    description Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 27014
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27014
    title Solaris 8 (x86) : 121914-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_121914.NASL
    description Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 27030
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27030
    title Solaris 9 (x86) : 121914-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_121914.NASL
    description Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09 This plugin has been deprecated and either replaced with individual 121914 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 26994
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26994
    title Solaris 10 (x86) : 121914-20 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121913.NASL
    description Portal Server 7.0: Miscellaneous Fixes. Date this patch was last updated by Sun : Jun/26/09 This plugin has been deprecated and either replaced with individual 121913 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 26982
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26982
    title Solaris 10 (sparc) : 121913-20 (deprecated)
refmap via4
bugtraq 20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption
misc
sectrack 1018513
secunia 26327
sunalert 103015
xf sun-jsps-xslt-code-execution(35811)
Last major update 05-09-2008 - 17:27
Published 09-08-2007 - 17:17
Last modified 15-10-2018 - 17:34