Improper input validation in Sun Java_system_access_manager

CVE-2008-2945

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary cod…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.028 (84.6th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_access_manager — versions 6.3, 7.0, 7.1
Sun Java_system_identity_server — versions 6.1, 6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vdb-entry, x_refsource_VUPEN)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)