CVE-2007-4289 - Unspecified vulnerability in SUN Java System Portal Server 7.0
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_121914.NASL
- description: Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09 This plugin has been deprecated and either replaced with individual 121914 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 26994
- published: 2007-10-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=26994
- title: Solaris 10 (x86) : 121914-20 (deprecated)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2018/03/12. Deprecated and either replaced by
# individual patch-revision plugins, or has been deemed a
# non-security advisory.
#
include("compat.inc");

if (description)
{
  script_id(26994);
  script_version("1.19");
  script_cvs_date("Date: 2019/10/25 13:36:25");

  script_cve_id("CVE-2007-4289", "CVE-2008-6192");

  script_name(english:"Solaris 10 (x86) : 121914-20 (deprecated)");
  script_summary(english:"Check for patch 121914-20");

  script_set_attribute(
    attribute:"synopsis",
    value:"This plugin has been deprecated."
  );
  script_set_attribute(
    attribute:"description",
    value: "Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09 This plugin has been deprecated and either replaced with individual 121914 patch-revision plugins, or deemed non-security related."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/121914-20"
  );
  script_set_attribute(
    attribute:"solution",
    value:"n/a"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(79);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 121914 instead.");
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_X86_121914.NASL
- description: Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27014
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27014
- title: Solaris 8 (x86) : 121914-20
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(27014);
  script_version("1.16");
  script_cvs_date("Date: 2019/10/25 13:36:26");

  script_cve_id("CVE-2007-4289", "CVE-2008-6192");

  script_name(english:"Solaris 8 (x86) : 121914-20");
  script_summary(english:"Check for patch 121914-20");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 121914-20"
  );
  script_set_attribute(
    attribute:"description",
    value: "Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/121914-20"
  );
  script_set_attribute(
    attribute:"solution",
    value:"You should install this patch for your system to be up-to-date."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(79);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-base", version:"7.0,REV=2005.12.12.00.47") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-sranetletproxy", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-admin", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-sragateway", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-portlets", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-search", version:"7.0,REV=2005.12.12.00.49") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-srarewriterproxy", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-sracore", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"121914-20", obsoleted_by:"", package:"SUNWportal-sracommon", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;

if (flag) {
  if (report_verbosity > 0)
    security_warning(port:0, extra:solaris_get_report());
  else
    security_warning(0);
  exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_121913.NASL
- description: Portal Server 7.0: Miscellaneous Fixes. Date this patch was last updated by Sun : Jun/26/09
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27018
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27018
- title: Solaris 9 (sparc) : 121913-20

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_121913.NASL
- description: Portal Server 7.0: Miscellaneous Fixes. Date this patch was last updated by Sun : Jun/26/09
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27053
- published: 2007-10-15
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27053
- title: Solaris 8 (sparc) : 121913-20

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_X86_121914.NASL
- description: Portal Server 7.0: Miscellaneous Fixes _x86. Date this patch was last updated by Sun : Jun/26/09
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27030
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27030
- title: Solaris 9 (x86) : 121914-20

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_121913.NASL
- description: Portal Server 7.0: Miscellaneous Fixes. Date this patch was last updated by Sun : Jun/26/09 This plugin has been deprecated and either replaced with individual 121913 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 26982
- published: 2007-10-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=26982
- title: Solaris 10 (sparc) : 121913-20 (deprecated)
References
- http://secunia.com/advisories/26327
- http://securitytracker.com/id?1018513
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103015-1
- http://www.isecpartners.com/advisories/2007-04-dsig.txt
- http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
- http://www.securityfocus.com/archive/1/473553/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35811