Lucene search

K

MitreCVELIST:CVE-2011-1202

HistoryMar 11, 2011 - 1:00 a.m.

CVE-2011-1202

2011-03-1101:00:00

mitre

www.cve.org

9.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

References

code.google.com/p/chromium/issues/detail?id=73716

downloads.avaya.com/css/P8/documents/100144158

git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f

googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html

scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html

www.mandriva.com/security/advisories?name=MDVSA-2011:079

www.mandriva.com/security/advisories?name=MDVSA-2012:164

www.securityfocus.com/bid/46785

www.vupen.com/english/advisories/2011/0628

bugzilla.redhat.com/show_bug.cgi?id=684386

exchange.xforce.ibmcloud.com/vulnerabilities/65966

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244

9.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

Related for CVELIST:CVE-2011-1202

prion3 cve3 veracode6 nvd3 debiancve1 ubuntucve2 securityvulns4 mozilla1 cvelist2 android1 nessus46 openvas55 fedora3 ubuntu7 amazon1 oraclelinux2 redhat3 centos2 vmware2 suse1 tenable1 gentoo1