Vulners
Lucene search
MiracleLinux 4 : libxslt-1.1.26-2.1.0.1.AXS4 (AXSA:2012-977:01)
| Reporter | Title | Published | Views | Family All 320 |
|---|---|---|---|---|
 | Mozilla Firefox < 3.5.19 Multiple Vulnerabilities | 29 Apr 201100:00 | – | nessus |
| Mozilla Firefox 3.6.x < 3.6.17 Multiple Vulnerabilities | 29 Apr 201100:00 | – | nessus |
| Mozilla Firefox 4.0.x < 4.0.1 Multiple Vulnerabilities | 29 Apr 201100:00 | – | nessus |
| SeaMonkey < 2.0.14 Multiple Vulnerabilities | 25 Mar 201100:00 | – | nessus |
| Google Chrome < 17.0.963.46 Multiple Vulnerabilities | 8 Feb 201200:00 | – | nessus |
| Google Chrome < 21.0.1180.89 Multiple Vulnerabilities | 5 Sep 201200:00 | – | nessus |
| Google Chrome < 10.0.648.127 Multiple Vulnerabilities | 9 Mar 201100:00 | – | nessus |
| Google Chrome < 20.0.1132.43 Multiple Vulnerabilities | 5 Jul 201200:00 | – | nessus |
| Mozilla Firefox 3.6.x < 3.6.17 Multiple Vulnerabilities | 29 Apr 201100:00 | – | nessus |
| Mozilla Firefox < 3.5.19 Multiple Vulnerabilities | 29 Apr 201100:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-977:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(283969);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");
script_cve_id(
"CVE-2011-1202",
"CVE-2011-3970",
"CVE-2012-2825",
"CVE-2012-2870",
"CVE-2012-2871"
);
script_name(english:"MiracleLinux 4 : libxslt-1.1.26-2.1.0.1.AXS4 (AXSA:2012-977:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2012-977:01 advisory.
This C library allows to transform XML files into other XML files (or HTML, text, ...) using the standard
XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >= 2.6.27
installed. The xsltproc command is a command line interface to the XSLT engine
Security issues fixed with this release:
CVE-2011-1202
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome
before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive
information about heap memory addresses via an XML document containing a call to the XSLT generate-id
XPath function.
CVE-2011-3970
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service
(out-of-bounds read) via unspecified vectors.
CVE-2012-2825
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of
service (incorrect read operation) via unspecified vectors.
CVE-2012-2870
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory,
which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT
expression that is not properly identified during XPath navigation, related to (1) the
xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function
in libxslt/functions.c.
CVE-2012-2871
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a
cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause
a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs
data structure in include/libxml/tree.h.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3534");
script_set_attribute(attribute:"solution", value:
"Update the affected libxslt and / or libxslt-devel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2871");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-2870");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/08");
script_set_attribute(attribute:"patch_publication_date", value:"2012/12/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libxslt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libxslt-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '4',
'pkgs': [
{'reference':'libxslt-1.1.26-2.1.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'libxslt-1.1.26-2.1.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'libxslt-devel-1.1.26-2.1.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'libxslt-devel-1.1.26-2.1.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxslt / libxslt-devel');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jan 2026 00:00Current
8.9High risk
Vulners AI Score8.9
CVSS 26.8
EPSS0.01505