Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
oryginał ENAV:N/AC:L/Au:N/C:P/I:P/A:PSun Java System Access Manager
APPSun6.37.07.1Sun Java System Identity Server
APPSun6.16.2
Powiązane podatności
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as...
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and conf...
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does...
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypa...
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows rem...