NVD

Id
55865  
Name
CVE-2007-3716  
Description
The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2007-07-11  
Modified Date
2011-03-07  
Seq
2007-3716  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
284023 55865 CVE-2007-3716 BEA07-177.00  View
284024 55865 CVE-2007-3716 102993  View
284025 55865 CVE-2007-3716 GLSA-200709-15  View
284026 55865 CVE-2007-3716 http://www.isecpartners.com/advisories/2007-04-dsig.txt  View
284027 55865 CVE-2007-3716 http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf  View
284028 55865 CVE-2007-3716 20070712 Command Injection in XML Digital Signatures  View
284029 55865 CVE-2007-3716 20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption  View
284030 55865 CVE-2007-3716 1018365  View
284031 55865 CVE-2007-3716 ADV-2007-2492  View
284032 55865 CVE-2007-3716 ADV-2007-3009  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
51893 JVNDB-2007-000556 Sun JDK および JRE の XSLT スタイルシートの処理における任意のコードを実行される脆弱性 Sun JDK および JRE に実装されている Java XML デジタル署名には、XML 署名に含まれる XSLT の Transforms 要素で指定された XSLT スタイルシートを適切に処理しないため、任意のコードを実行される脆弱性があります。 CVE-2007-3716 27071 CVE-2007-3716 55865 9.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000556.html 2007-07-10 2007-09-03 View