Published:2008/03/11  Last Updated:2008/07/17

Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations


The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.

Products Affected

  • JDK and JRE 6 Update 4 and earlier
  • JDK and JRE 5.0 Update 14 and earlier
  • SDK and JRE 1.4.2_16 and earlier


The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.


The impacts vary depending on the version of JRE.

If a user downloads an untrusted applet from a website which performs XSLT transformations, a remote attacker could view local files, execute arbitrary code, or terminate the user's web browser via the applet executed on the web browser.


Update the Software
Sun Microsystems has released JDK and JRE 6 Update 5, JDK and JRE 5.0 Update 15, and SDK and JRE 1.4.2_17 to address this vulnerability. Users affected are recommended to update to the fixed versions as soon as possible.


  1. IPA
    Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2008.03.11

Measures Conditions Severity
Access Required Routed - can be attacked over the Internet using packets
  • High
Authentication None - anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Medium
Exploit Complexity Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Medium-High

Description of each analysis measures


Shou Kojima of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory Technical Cyber Security Alert TA08-066A
Sun Updates for Multiple Vulnerabilities in Java
CPNI Advisory
JVN iPedia JVNDB-2008-000016

Update History

JVN English site opened and the first English advisory of this issue was published.
Information under the section "References" was added.