CVE-2007-3716

Publication date 11 July 2007

Last updated 17 July 2025

Ubuntu priority

Description

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sun-java6	8.04 LTS hardy	Fixed 6-02-1ubuntu3
	7.10 gutsy	Fixed 6-02-1ubuntu3
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-3716

CVE-2007-3716

Description

Status

References

Other references

Access our resources on patching vulnerabilities