NVD

Id
2839  
Name
CVE-2008-2945  
Description
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-06-30  
Modified Date
2011-03-07  
Seq
2008-2945  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
18046 2839 CVE-2008-2945 201538  View
18047 2839 CVE-2008-2945 http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm  View
18048 2839 CVE-2008-2945 29988  View
18049 2839 CVE-2008-2945 1020380  View
18050 2839 CVE-2008-2945 ADV-2008-1967  View
18051 2839 CVE-2008-2945 sun-jsam-xslt-code-execution(43429)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50637 JVNDB-2008-005947 Sun Java System Access Manager および Sun Java System Identity Server における任意のコードを実行される脆弱性 Sun Java System Access Manager および Sun Java System Identity Server は、XML 署名の XSLT transform 内の XSLT スタイルシートを適切に処理しないため、任意のコードを実行される脆弱性が存在します。 CVE-2008-2945 33058 CVE-2008-2945 2839 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005947.html 2008-06-26 2012-12-20 View