« Sun Alert 102978... | Main | Sun Alert 101918... »
10 Jul 2007 Sun Alert 102993 Java Runtime Environment Does Not Securely Process XSLT Stylesheets Contained in XML Signatures
posted by security in Alerts
Product: Java 2 Platform, Standard Edition

The Java XML Digital Signature implementation that is included in the JDK and JRE 6 release does not securely process XSLT stylesheets contained in XSLT Transforms in XML Signatures. This could lead to the execution of arbitrary code with the permissions of the application processing XML signatures that include these XSLT stylesheets.

Sun acknowledges with thanks, Brad Hill of iSEC Partners, for bringing this issue to our attention.

Avoidance: Patch, Upgrade
State: Resolved
First released: 10-Jul-2007
Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1
Permalink | Comments [0]
Trackback URL: http://blogs.sun.com/security/entry/sun_alert_102993_java_runtime
Comments:

Post a Comment:

Name:
E-Mail:
URL:

Your Comment:

HTML Syntax: NOT allowed

« Sun Alert 102978... | Main | Sun Alert 101918... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.