Lucene search

K
cve[email protected]CVE-2007-3716
HistoryJul 11, 2007 - 11:30 p.m.

CVE-2007-3716

2007-07-1123:30:00
CWE-20
web.nvd.nist.gov
29
java
xml
digital signature
sun
jdk
jre
vulnerability
cve-2007-3716
xslt
code execution

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.019 Low

EPSS

Percentile

88.1%

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.

CPENameOperatorVersion
sun:jresun jrele6
sun:jdksun jdkle6

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.019 Low

EPSS

Percentile

88.1%