Vulnerability Name:

CVE-2007-3715 (CCN-35335)

Assigned:2007-07-10
Published:2007-07-10
Updated:2018-10-15
Summary:Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Jul 12 2007 - 15:23:23 CDT
Command Injection in XML Digital Signatures

Source: MITRE
Type: CNA
CVE-2007-3715

Source: OSVDB
Type: UNKNOWN
37248

Source: CCN
Type: SA26023
Sun Java System Web / Application Server XSLT Processing Vulnerability

Source: SECUNIA
Type: Vendor Advisory
26023

Source: CCN
Type: Sun Alert ID: 102992
Security Vulnerability in Processing XSLT Stylesheets Affects Sun Java System Application Server and Web Server

Source: SUNALERT
Type: Patch, Vendor Advisory
102992

Source: SUNALERT
Type: Vendor Advisory
200054

Source: CCN
Type: ASA-2007-320
Security Vulnerability in Processing XSLT Stylesheets Affects Sun Java System Application Server and Web Server (Sun 102992)

Source: MISC
Type: UNKNOWN
http://www.isecpartners.com/advisories/2007-04-dsig.txt

Source: MISC
Type: UNKNOWN
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf

Source: CCN
Type: OSVDB ID: 36664
Sun Java JDK / JRE XML Digital Signature XSLT Stylesheet Handling Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 37248
Sun Java System Web / Application Server Crafted XSLT Stylesheet Arbitrary Java Method Execution

Source: CCN
Type: OSVDB ID: 37251
Sun Java System Portal Server Crafted XSLT Stylesheet Arbitrary Java Method Execution

Source: CCN
Type: OSVDB ID: 46579
Sun Java System Access Manager XSLT Stylesheet Processing Arbitrary Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20070712 Command Injection in XML Digital Signatures

Source: BUGTRAQ
Type: UNKNOWN
20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption

Source: BID
Type: Patch
24850

Source: CCN
Type: BID-24850
Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2493

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2785

Source: XF
Type: UNKNOWN
javasystem-xsltstylesheets-code-execution(35335)

Source: XF
Type: UNKNOWN
sunjava-xsltstylesheets-code-execution(35335)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:java_system_application_server:8.2:*:enterprise:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:enterprise_linux:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:enterprise_sparc:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:enterprise_windows:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:enterprise_x86:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:platform_linux:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:platform_sparc:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:platform_windows:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:platform_x86:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0:*:platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0:*:platform_linux:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0:*:platform_sparc:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0:*:platform_windows:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0:*:platform_x86:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:7.0:*:linux:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:7.0:*:sparc:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:7.0:*:windows:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:7.0:*:x86:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2::platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0::platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2::enterprise:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 8.2
    sun java system application server 9.0
    sun java system application server 9.0
    sun java system application server 9.0
    sun java system application server 9.0
    sun java system application server 9.0
    sun java system web server 7.0
    sun java system web server 7.0
    sun java system web server 7.0
    sun java system web server 7.0
    sun java system web server 7.0
    sun java system web server 7.0
    sun java system web server 7.0
    sun java system application server 8.2
    sun java system application server 9.0
    sun java system application server 8.2