CVE-2007-3715 Information
Description
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
Reference
http://osvdb.org/37248
http://secunia.com/advisories/26023
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1
http://www.isecpartners.com/advisories/2007-04-dsig.txt
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
http://www.securityfocus.com/archive/1/473552/100/0/threaded
http://www.securityfocus.com/archive/1/473553/100/0/threaded
http://www.securityfocus.com/bid/24850
http://www.vupen.com/english/advisories/2007/2493
http://www.vupen.com/english/advisories/2007/2785
https://exchange.xforce.ibmcloud.com/vulnerabilities/35335