Strix
26.1K

CVE-2007-3716

UnknownEPSS 3.55%

Last modified

CVE-2007-3716 is a vulnerability of currently unknown severity. The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.. EPSS estimates a 3.55% chance of exploitation in the next 30 days.

Description

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.

Metrics

EPSS Probability
3.55%

87.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
SunJdk<= 6Update 1
SunJre<= 6Update 1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-3716?
The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.
How severe is CVE-2007-3716?
Severity scoring for CVE-2007-3716 is pending analysis. The EPSS model estimates a 3.55% probability of exploitation in the next 30 days.
How do I fix CVE-2007-3716?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-3716?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST