{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Sun Java System Web Application Server 8.x ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Sun Java System Web Application Server 9.x.","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Sun Java JDK 1.6.x ;","product":{"name":"N/A","vendor":{"name":"Centreon","scada":false}}},{"description":"Sun Java System Web Server 7.x ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Sun Java JRE 1.6.x (6.x) ;","product":{"name":"N/A","vendor":{"name":"Centreon","scada":false}}}],"affected_systems_content":"","content":"## Description\n\nLa machine virtuelle Java de Sun comporte une vuln\u00e9rabilit\u00e9 dans la mise\nen \u0153uvre du traitement des fichiers au format XSLT (eXtended Stylesheet\nLanguage Transformations) permettant la manipulation de signatures au\nformat XML (eXtensible Markup Language) . Il est donc possible \u00e0 un\nutilisateur distant malintentionn\u00e9 d'ex\u00e9cuter du code arbitraire par le\nbiais d'une signature XML construite de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[],"links":[],"reference":"CERTA-2007-AVI-301","revisions":[{"description":"version initiale.","revision_date":"2007-07-11T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans la machine virtuelle Java de Sun ainsi que dans\nun produit associ\u00e9 : Java System Web Application Server permet \u00e0 un\nutilisateur distant d'ex\u00e9cuter du code arbitraire.\n","title":"Vuln\u00e9rabilit\u00e9 dans la machine virtuelle Java de Sun","vendor_advisories":[{"published_at":"2007-07-10","title":"Bulletin de s\u00e9curit\u00e9 Sun #102993 relatif \u00e0 JRE et JDK","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1"},{"published_at":"2007-07-10","title":"Bulletin de s\u00e9curit\u00e9 Sun relatif \u00e0 Java System Web Application Server","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1"}]}