CVE-2007-3715

Published Jul 11, 2007

Last updated 6 years ago

CVSS info 9.3

Overview

Description: Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0515F299-43E6-4957-A086-607DEC1F6C3D"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95D68A65-BEE4-4043-95E8-0A113B33AD1A"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8481AAD3-EC42-475B-AD1B-BD99AC13BA68"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A13968A-99F0-439C-BCA5-7002AC7A2E48"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D837D07F-E675-421C-8BD0-B774881A1B79"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B05BB1F3-1324-4070-802B-E61B76888391"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B74A192-69A9-4732-80E6-803E042477ED"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F900745-5E01-47AE-A752-3E4A63CE96D8"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C82607CC-0873-4ED0-BCC4-D5080673E898"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC1D162B-C6DB-4B5D-82E7-C3E2F2D4B18D"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4852722-FF63-47A5-B227-02271B565CBA"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DACAFF0-17BD-4DEA-8D95-34C9A265320C"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF7FCB5-7322-492E-97DD-A34DDEF1457B"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7EA87D0-778A-4C09-A069-81CF0D767B89"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC6726C-9A14-4E5D-AE46-171D286B0889"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AB42DB5-10BA-454E-A9F5-A0581BD21FA5"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53671389-3822-41CD-ABC9-DC19871579AB"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69C48CB-A038-431D-ABE4-A216E5283266"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EEB898B-0036-4B7B-B15A-595487D09D72"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References