CVE-2007-3716
Sun JDK and JRE < 6 - Remote Code Execution via XSLT Stylesheet Processing
The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.
References (14)
Core References
http://secunia.com/advisories/26933 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://www.securityfocus.com/archive/1/473552/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://dev2dev.bea.com/pub/advisory/248 (Vendor Advisory; vendor-advisory; x_refsource_bea)
http://www.securityfocus.com/archive/1/473553/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf (Various Sources; x_refsource_misc)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1 (Patch; vendor-advisory; x_refsource_sunalert)
http://www.isecpartners.com/advisories/2007-04-dsig.txt (Various Sources; x_refsource_misc)
http://secunia.com/advisories/26031 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://www.vupen.com/english/advisories/2007/3009 (Vendor Advisory; vdb-entry; x_refsource_vupen)
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml (Third Party Advisory; vendor-advisory; x_refsource_gentoo)
http://www.securitytracker.com/id?1018365 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.vupen.com/english/advisories/2007/2492 (Vendor Advisory; vdb-entry; x_refsource_vupen)
http://osvdb.org/36664 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://secunia.com/advisories/26631 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
Scores
EPSS: 0.0482
EPSS Percentile: 89.6%
Details
CWE: CWE-20
Status: published
Products (2)
sun/jdk: < 6
sun/jre: < 6
Published: Jul 11, 2007
Tracked Since: Feb 18, 2026