Lucene search

K

[email protected]NVD:CVE-2008-2945

HistoryJun 30, 2008 - 10:41 p.m.

CVE-2008-2945

2008-06-3022:41:00

CWE-20

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.5 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

Affected configurations

NVD

Node

sunjava_system_access_managerMatch6.3

OR

sunjava_system_access_managerMatch7.0

OR

sunjava_system_access_managerMatch7.1

OR

sunjava_system_identity_serverMatch6.1

OR

sunjava_system_identity_serverMatch6.2

References

secunia.com/advisories/30893

sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1

support.avaya.com/elmodocs2/security/ASA-2008-294.htm

www.securityfocus.com/bid/29988

www.securitytracker.com/id?1020380

www.vupen.com/english/advisories/2008/1967/references

exchange.xforce.ibmcloud.com/vulnerabilities/43429

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.5 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

Related for NVD:CVE-2008-2945

prion4 cve4 cvelist4 nvd3 ubuntucve1 nessus30 f52 openvas2 gentoo1 ibm1