[Japanese]

JVNDB-2008-000016

Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations

Overview

The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.

The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Apple Inc.
  • Apple Mac OS X v10.4.11
  • Apple Mac OS X v10.5.4 through v10.5.5
  • Apple Mac OS X Server v10.4.11
  • Apple Mac OS X Server v10.5.4 through v10.5.5
Sun Microsystems, Inc.
  • JDK 6 Update 4 and earlier
  • JDK 5.0 Update 14 and earlier
  • JRE 6 Update 4 and earlier
  • JRE 5.0 Update 14 and earlier
  • JRE 1.4.2_16 and earlier
  • SDK 1.4.2_16 and earlier
MIRACLE LINUX CORPORATION
  • Asianux Server 3 (x86)
  • Asianux Server 3 (x86-64)
Red Hat, Inc.
  • Red Hat Enterprise Linux Extras 4 extras
  • Red Hat Enterprise Linux Extras 3 extras
  • RHEL Desktop Supplementary 5 (client)
  • RHEL Supplementary 5 (server)
Hitachi, Ltd
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Standard
  • uCosminexus Client
  • uCosminexus Developer Professional
  • uCosminexus Developer Standard
  • uCosminexus Operator
  • uCosminexus Service Platform
  • uCosminexus Service Architect
  • Electronic Form Workflow Set
  • Electronic Form Workflow Professional Set
  • Electronic Form Workflow Developer Set
  • Electronic Form Workflow Standard Set
  • Electronic Form Workflow Professional Library Set
  • Electronic Form Workflow Developer Client Set

Impact

The impacts vary depending on the version of JRE.

If a user downloads an untrusted applet from a website which performs XSLT transformations, a remote attacker could view local files, execute arbitrary code, or terminate the user's web browser via the applet executed on the web browser.
Solution

[Update the Software]

Sun Microsystems has released JDK and JRE 6 Update 5, JDK and JRE 5.0 Update 15, and SDK and JRE 1.4.2_17 to address this vulnerability. Users affected are recommended to update to the fixed versions as soon as possible.
Vendor Information

Apple Inc. Sun Microsystems, Inc. MIRACLE LINUX CORPORATION
  • Asianux Technical Support Network : jdk-1.6.0_05 (Japanese)
Red Hat, Inc. Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS08-010
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2008-1187
References

  1. JVN : JVNTA08-066A
  2. JVN : JVN#04032535
  3. JVN Status Tracking Notes : TRTA08-066A
  4. National Vulnerability Database (NVD) : CVE-2008-1187
  5. IPA SECURITY ALERTS : Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations
  6. US-CERT Cyber Security Alerts : SA08-066A
  7. US-CERT Technical Cyber Security Alert : TA08-066A
  8. Secunia Advisory : SA29273
  9. SecurityFocus : 28083
  10. ISS X-Force Database : 41025
  11. SecurityTracker : 1019548
  12. FrSIRT Advisories : FrSIRT/ADV-2008-0770
  13. JVN iPedia (Japanese) : JVNDB-2008-000016
Revision History

  • [2008/05/21]
      Web page published
    [2008/06/06]
      Affected Products : Added Hitachi, Ltd(HS08-010).
      Vendor Information : Added Red Hat, Inc.
        RHSA-2008:0243
        RHSA-2008:0244
        RHSA-2008:0245
        RHSA-2008:0267
      Vendor Information : Added Hitachi, Ltd(HS08-010).
    [2008/07/30]
      Affected Products : Added Red Hat, Inc. (RHSA-2008:0555).
      Vendor Information : Added Red Hat, Inc. (RHSA-2008:0555).
    [2008/10/09]
      Affected Products : Added Apple Inc.
        Java for Mac OS X 10.4, Release 7
        Java for Mac OS X 10.5 Update 2
      Vendor Information : Added Apple Inc.
        Java for Mac OS X 10.4, Release 7
        Java for Mac OS X 10.5 Update 2