First published: Thu Aug 09 2007
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sun Java System Portal Server | =7.0 | |
CVE-2007-4289 has a medium severity rating as it allows context-dependent attackers to execute arbitrary Java methods.
To fix CVE-2007-4289, update Sun Java System Portal Server to the latest patched version.
CVE-2007-4289 specifically affects Sun Java System Portal Server version 7.0.
CVE-2007-4289 is associated with command injection attacks via crafted XSLT stylesheets.
Yes, CVE-2007-4289 can potentially allow remote code execution by exploiting malformed XML signatures.
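
The description above turns on an XSLT transform being run while an XML signature is processed. As an added example (not code from Sun or from this advisory), the check below rejects any `ds:Transform` outside an allow-list before the document reaches signature validation. The allow-list, the function names and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
XSL = "http://www.w3.org/1999/XSL/Transform"
XSLT_TRANSFORM = "http://www.w3.org/TR/1999/REC-xslt-19991116"

# Assumed policy: accept only transforms that run no embedded program.
ALLOWED_TRANSFORMS = {
    DSIG + "enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
}


def transform_policy_violations(xml_text):
    """Return reasons to reject the document before signature validation."""
    if "<!DOCTYPE" in xml_text:
        return ["DOCTYPE not accepted in signed input"]
    root = ET.fromstring(xml_text)
    problems = []
    # ds:Transform occurs under ds:Reference and ds:RetrievalMethod; scan all.
    for t in root.iter("{%s}Transform" % DSIG):
        alg = t.get("Algorithm", "")
        if alg not in ALLOWED_TRANSFORMS:
            problems.append("transform not allowed: " + (alg or "<missing>"))
    # An embedded stylesheet is flagged even if the Algorithm is mislabelled.
    for tag in ("stylesheet", "transform"):
        if next(root.iter("{%s}%s" % (XSL, tag)), None) is not None:
            problems.append("embedded xsl:%s element" % tag)
    return problems


def _sample(transform_xml):
    # Constructed signature skeleton (no digest or signature values).
    return ('<doc><ds:Signature xmlns:ds="' + DSIG + '"><ds:SignedInfo>'
            '<ds:Reference URI=""><ds:Transforms>' + transform_xml +
            '</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature></doc>')


SAMPLE_OK = _sample('<ds:Transform Algorithm="' + DSIG + 'enveloped-signature"/>')
# Constructed input: XSLT transform carrying an empty, benign stylesheet.
SAMPLE_XSLT = _sample('<ds:Transform Algorithm="' + XSLT_TRANSFORM + '">'
                      '<xsl:stylesheet xmlns:xsl="' + XSL + '" version="1.0"/>'
                      '</ds:Transform>')

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("xslt", SAMPLE_XSLT)):
        print(name, transform_policy_violations(doc) or "accepted")
```

A document that returns a non-empty list should be refused outright rather than passed on to the signature library.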