CVE-2007-3715

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.3CRITICAL

EPSS

1.3%

top 20.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Application Server SUN Java System WEB Server

Timeline

PublishedJul 11

Latest updateMay 1

Description

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/java_system_application_server8.2, 9.0+1

▶NVDsun/java_system_web_server7.0

Patches

Patch: sunsolve.sun.com ↗Patch: www.securityfocus.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-m7vm-xh92-2mwf: Sun Java System Application Server and Web Server 7↗2022-05-01

▶

CVEList

CVE-2007-3715: Sun Java System Application Server and Web Server 7↗2007-07-11

▶