Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-3715
HistoryJul 11, 2007 - 11:30 p.m.

CVE-2007-3715

2007-07-1123:30:00
CWE-20
[email protected]
web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.4 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

JSON

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

Affected configurations

NVD
Node
sunjava_system_application_serverMatch8.2enterprise
OR
sunjava_system_application_serverMatch8.2enterprise_linux
OR
sunjava_system_application_serverMatch8.2enterprise_sparc
OR
sunjava_system_application_serverMatch8.2enterprise_windows
OR
sunjava_system_application_serverMatch8.2enterprise_x86
OR
sunjava_system_application_serverMatch8.2platform
OR
sunjava_system_application_serverMatch8.2platform_linux
OR
sunjava_system_application_serverMatch8.2platform_sparc
OR
sunjava_system_application_serverMatch8.2platform_windows
OR
sunjava_system_application_serverMatch8.2platform_x86
OR
sunjava_system_application_serverMatch9.0platform
OR
sunjava_system_application_serverMatch9.0platform_linux
OR
sunjava_system_application_serverMatch9.0platform_sparc
OR
sunjava_system_application_serverMatch9.0platform_windows
OR
sunjava_system_application_serverMatch9.0platform_x86
OR
sunjava_system_web_serverMatch7.0
OR
sunjava_system_web_serverMatch7.0hp_ux
OR
sunjava_system_web_serverMatch7.0linux
OR
sunjava_system_web_serverMatch7.0sparc
OR
sunjava_system_web_serverMatch7.0windows
OR
sunjava_system_web_serverMatch7.0x86

Related

prion 4
cve 4
nvd 3
ubuntucve 1
cvelist 4
nessus 10
openvas 2
f5 2
gentoo 1
ibm 1
prion
prion
Sql injection
2007-07-11 23:30:00
Design/Logic Flaw
2007-07-11 23:30:00
Sql injection
2008-06-30 22:41:00
cve
cve
CVE-2007-3715
2007-07-11 23:30:00
CVE-2007-3716
2007-07-11 23:30:00
CVE-2008-2945
2008-06-30 22:41:00
nvd
nvd
CVE-2007-3716
2007-07-11 23:30:00
CVE-2008-2945
2008-06-30 22:41:00
CVE-2007-4289
2007-08-09 21:17:00
ubuntucve
ubuntucve
CVE-2007-3716
2007-07-11 00:00:00
cvelist
cvelist
CVE-2007-3715
2007-07-11 23:00:00
CVE-2007-3716
2007-07-11 23:00:00
CVE-2008-2945
2008-06-30 22:00:00
nessus
nessus
Sun Java JRE XML Signature Command Injection (102993) (Unix)
2013-02-22 00:00:00
Sun Java JRE XML Signature Command Injection (102993)
2007-07-16 00:00:00
Solaris 10 (sparc) : 125437-22 (deprecated)
2007-10-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin)
2008-09-24 00:00:00
f5
f5
SOL16475 - Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
K16475 : Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
gentoo
gentoo
BEA JRockit: Multiple vulnerabilities
2007-09-23 00:00:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.4 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

JSON
Related for NVD:CVE-2007-3715
prion4cve4nvd3ubuntucve1cvelist4nessus10openvas2f52gentoo1ibm1