Easy to Learn Java: Programming Articles, Examples and Tips

Start with Java in a few days with Java Lessons or Lectures

Home

Code Examples

Java Tools

More Java Tools!

Java Forum

All Java Tips

Books

Submit News
Search the site here...
Search...
 
Search the JavaFAQ.nu
1000 Java Tips ebook

1000 Java Tips - Click here for the high resolution copy!1000 Java Tips - Click here for the high resolution copy!

Java Screensaver, take it here

Free "1000 Java Tips" eBook is here! It is huge collection of big and small Java programming articles and tips. Please take your copy here.

Take your copy of free "Java Technology Screensaver"!.

Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerabilit

JavaFAQ Home » Security Go to all tips in Security


Bookmark and Share

Security Vulnerability in Processing XSLT Stylesheets Affects Sun Java System Application Server and Web Server, remote!

A vulnerability in Sun Java System Web Server and Application Server has been reported, which can be exploited by local users to perform actions with escalated privileges.

Certain releases of Sun Java System Application Server and Sun Java System Web Server (listed in "Contributing Factors") do not securely process XSLT stylesheets contained in XSLT Transforms in XML Signatures. This could allow malicious XLST stylesheets to be executed which may, for example, allow execution of an arbitrary Java method.

The vulnerability is due to an error within the Java XML Digital Signature implementation when processing XSLT stylesheets contained in XSLT Transforms in XML Signatures.

Remote: yes

Solution summary: you need to get latest updates at SUN web site here.


 Printer Friendly Page  Printer Friendly Page
 Send to a Friend  Send to a Friend

.. Bookmark and Share

Search here again if you need more info!
Custom Search



Home Code Examples Java Forum All Java Tips Books Submit News, Code... Search... Offshore Software Tech Doodling

RSS feed Java FAQ RSS feed Java FAQ News     

    RSS feed Java Forums RSS feed Java Forums

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 1999-2006 by Java FAQs Daily Tips.

Interactive software released under GNU GPL, Code Credits, Privacy Policy