Lucene search

Java System Application Server Security Vulnerabilities - 2007

cve

CVE-2007-3715

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

6.6AI Score

0.027EPSS

2007-07-11 11:30 PM

cve

CVE-2007-4025

Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.

6.9AI Score

0.008EPSS

2007-07-26 07:30 PM

cve

CVE-2007-4511

The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass...

6.7AI Score

0.108EPSS

2007-08-23 07:17 PM

cve

CVE-2007-5152

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.

6.9AI Score

0.019EPSS

2007-10-01 05:17 AM

cve

CVE-2007-5153

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.

7.7AI Score

0.145EPSS

2007-10-01 05:17 AM