Sun.Java.XSLT.Stylesheets.Processing.Code.Execution

Description

This indicates an attempt to exploit an arbitrary code execution vulnerability in Sun JDK and JRE.
The vulnerability results from the software's failure to properly process XSLT stylesheets contained in XSLT Transforms within XML Signatures. An attacker can exploit this by using a crafted XML file to execute arbitrary code with the permissions of the application processing it.
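
A pre-validation check for the condition described above, as an added example that is not part of the original advisory: it reports whether any XML Signature Transform in a document requests XSLT, so the input can be rejected or logged before signature validation runs. The class name, method names and sample documents are constructed for illustration; the namespace and algorithm URIs are those defined by the W3C XML Signature and XSLT specifications.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class XsltTransformGuard {  // hypothetical class name
    // Namespace and algorithm URIs from the W3C XML Signature and XSLT specifications.
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XSLT_ALG = "http://www.w3.org/TR/1999/REC-xslt-19991116";
    static final String XSL_NS = "http://www.w3.org/1999/XSL/Transform";

    /** Returns true if any ds:Transform requests XSLT or embeds a stylesheet. */
    static boolean hasXsltTransform(byte[] xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);  // needed to match elements by namespace
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Untrusted input: refuse DOCTYPE declarations outright.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        NodeList transforms = doc.getElementsByTagNameNS(DSIG_NS, "Transform");
        for (int i = 0; i < transforms.getLength(); i++) {
            Element t = (Element) transforms.item(i);
            boolean declared = XSLT_ALG.equals(t.getAttribute("Algorithm").trim());
            // Also flag stylesheet content nested under a differently labelled transform.
            boolean embedded = t.getElementsByTagNameNS(XSL_NS, "*").getLength() > 0;
            if (declared || embedded) {
                return true;
            }
        }
        return false;
    }

    /** Builds a constructed signature skeleton around the given Transform element. */
    static byte[] sample(String transform) {
        return ("<Signature xmlns='" + DSIG_NS + "'><SignedInfo><Reference URI=''>"
                + "<Transforms>" + transform + "</Transforms>"
                + "</Reference></SignedInfo></Signature>").getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples; the stylesheet is empty and does nothing.
        byte[] xslt = sample("<Transform Algorithm='" + XSLT_ALG + "'>"
                + "<xsl:stylesheet version='1.0' xmlns:xsl='" + XSL_NS + "'/></Transform>");
        byte[] enveloped = sample("<Transform Algorithm='" + DSIG_NS + "enveloped-signature'/>");
        System.out.println("XSLT transform sample flagged: " + hasXsltTransform(xslt));
        System.out.println("Enveloped-signature sample flagged: " + hasXsltTransform(enveloped));
    }
}
```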

Affected Products

Sun Java JDK versions 1.6.x
Sun Java JRE versions 1.6.x / 6.x

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to Sun JDK and JRE 6 Update 2:
http://java.sun.com/javase/downloads/index.jsp
Java SE 6 Update 2 for Solaris is available in the following patches:
Java SE 6 update 2 (as delivered in patch 125136-02 or later)
Java SE 6 update 2 (as delivered in patch 125137-02 or later (64bit))
Java SE 6_x86 update 2 (as delivered in patch 125138-02 or later)
Java SE 6_x86 update 2 (as delivered in patch 125139-02 or later (64bit))

Coverage

IPS (Regular DB)
IPS (Extended DB)