Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability

Bugtraq ID: 24850
Class: Design Error
CVE: CVE-2007-3715
Remote: Yes
Local: No
Published: Jul 10 2007 12:00AM
Updated: Oct 26 2007 10:26PM
Credit: Brad Hill of iSEC Partners reported this issue to the vendor.
Vulnerable: Sun SDK (Linux Production Release) 1.6 _1
Sun SDK (Linux Production Release) 1.5 _11
Sun SDK (Linux Production Release) 1.5 _06
Sun SDK (Linux Production Release) 1.5 _05
Sun SDK (Linux Production Release) 1.5 _04
Sun Java System Web Server 7.0
Sun Java System Portal Server 7
Sun Java System Application Server Standard Edition 8.2
Sun Java System Application Server Platform Edition 9.0 Update 1
Sun Java System Application Server Platform Edition 9.0
Sun Java System Application Server Platform Edition 8.2
Sun Java System Application Server Enterprise Edition 8.2
Sun Java 2 Standard Edition SDK 5.0 Update 9
Sun Java 2 Standard Edition SDK 5.0 Update 8
Sun Java 2 Standard Edition SDK 5.0 Update 7
Sun Java 2 Standard Edition SDK 5.0 Update 3
Sun Java 2 Standard Edition SDK 5.0 Update 2
Sun Java 2 Standard Edition SDK 5.0 Update 12
Sun Java 2 Standard Edition SDK 5.0 Update 10
Sun Java 2 Standard Edition SDK 5.0 Update 1
Sun Java 2 Standard Edition SDK 5.0
Sun Java 2 Runtime Environment 6.0 Update 1
Sun Java 2 Runtime Environment 5.0 Update 9
Sun Java 2 Runtime Environment 5.0 Update 12
Sun Java 2 Runtime Environment 5.0 Update 10
Sun Java 2 Runtime Environment 5.0 Update 8
Sun Java 2 Runtime Environment 5.0 Update 7
Sun Java 2 Runtime Environment 5.0 Update 6
Sun Java 2 Runtime Environment 5.0 Update 5
Sun Java 2 Runtime Environment 5.0 Update 4
Sun Java 2 Runtime Environment 5.0 Update 3
Sun Java 2 Runtime Environment 5.0 Update 2
Sun Java 2 Runtime Environment 5.0 Update 11
Sun Java 2 Runtime Environment 5.0 Update 1
Sun Java 2 Runtime Environment 5.0
IAIK XML Signature Library (IXSIL) 0
IAIK XML Security Toolkit (XSECT) 0
Gentoo Linux
BEA Systems JRockit R27.3.1
BEA Systems JRockit 6
Not Vulnerable: Sun SDK (Linux Production Release) 1.6 _02
Sun Java System Web Server 7.0 Update 1
Sun Java 2 Runtime Environment 6.0 Update 2

Copyright 2010, SecurityFocus