CVE-2008-2945

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

Published: Jul 1, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2945
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
sun / java_system_identity_server	6.2	6.2.x
sun / java_system_access_manager	7.1	7.1.x
sun / java_system_access_manager	6.3	6.3.x
sun / java_system_identity_server	6.1	6.1.x
sun / java_system_access_manager	7.0	7.0.x

http://secunia.com/advisories/30893
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1
http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm
http://www.securityfocus.com/bid/29988
http://www.securitytracker.com/id?1020380
http://www.vupen.com/english/advisories/2008/1967/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43429

Vulnerability Database

289,697

CVE-2008-2945