Sun.Java.XSLT.Stylesheets.Processing.Code.Execution
Description
This indicates an attempt to exploit an arbitrary code execution vulnerability in Sun JDK and JRE.
The vulnerability is a result of the software's failure to properly process XSLT stylesheets contained in XSLT Transforms, in XML Signatures. An attacker can exploit this by using a crafted XML file to execute arbitrary code with the permissions of the application processing it.
Affected Products
Sun Java JDK versions 1.6.x
Sun Java JRE versions 1.6.x / 6.x
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to Sun JDK and JRE 6 Update 2 :
http://java.sun.com/javase/downloads/index.jsp
Java SE 6 Update 2 for Solaris is available in the following patches :
Java SE 6 update 2 (as delivered in patch 125136-02 or later) :
Java SE 6 update 2 (as delivered in patch 125137-02 or later (64bit)) :
Java SE 6_x86 update 2 (as delivered in patch 125138-02 or later) :
Java SE 6_x86 update 2 (as delivered in patch 125139-02 or later (64bit)) :
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |