Lucene search

[email protected]NVD:CVE-2011-1425

HistoryApr 04, 2011 - 12:27 p.m.

CVE-2011-1425

2011-04-0412:27:57

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Affected configurations

Nvd

Node

alekseyxml_security_libraryRange≤1.2.16

alekseyxml_security_libraryMatch0.0.1

alekseyxml_security_libraryMatch0.0.2

alekseyxml_security_libraryMatch0.0.2a

alekseyxml_security_libraryMatch0.0.3

alekseyxml_security_libraryMatch0.0.4

alekseyxml_security_libraryMatch0.0.5

alekseyxml_security_libraryMatch0.0.6

alekseyxml_security_libraryMatch0.0.7

alekseyxml_security_libraryMatch0.0.8

alekseyxml_security_libraryMatch0.0.9

alekseyxml_security_libraryMatch0.0.10

alekseyxml_security_libraryMatch0.0.11

alekseyxml_security_libraryMatch0.0.12

alekseyxml_security_libraryMatch0.0.13

alekseyxml_security_libraryMatch0.0.14

alekseyxml_security_libraryMatch0.0.15

alekseyxml_security_libraryMatch0.1.0

alekseyxml_security_libraryMatch0.1.1

alekseyxml_security_libraryMatch1.0.0

alekseyxml_security_libraryMatch1.0.0rc1

alekseyxml_security_libraryMatch1.0.1

alekseyxml_security_libraryMatch1.0.2

alekseyxml_security_libraryMatch1.0.3

alekseyxml_security_libraryMatch1.0.4

alekseyxml_security_libraryMatch1.1.0

alekseyxml_security_libraryMatch1.1.1

alekseyxml_security_libraryMatch1.1.2

alekseyxml_security_libraryMatch1.2.0

alekseyxml_security_libraryMatch1.2.1

alekseyxml_security_libraryMatch1.2.2

alekseyxml_security_libraryMatch1.2.3

alekseyxml_security_libraryMatch1.2.4

alekseyxml_security_libraryMatch1.2.5

alekseyxml_security_libraryMatch1.2.6

alekseyxml_security_libraryMatch1.2.7

alekseyxml_security_libraryMatch1.2.8

alekseyxml_security_libraryMatch1.2.9

alekseyxml_security_libraryMatch1.2.10

alekseyxml_security_libraryMatch1.2.11

alekseyxml_security_libraryMatch1.2.13

alekseyxml_security_libraryMatch1.2.14

alekseyxml_security_libraryMatch1.2.15

applewebkit

References

git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780

git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa

secunia.com/advisories/43920

secunia.com/advisories/44167

secunia.com/advisories/44423

trac.webkit.org/changeset/79159

www.aleksey.com/pipermail/xmlsec/2011/009120.html

www.debian.org/security/2011/dsa-2219

www.mandriva.com/security/advisories?name=MDVSA-2011:063

www.redhat.com/support/errata/RHSA-2011-0486.html

www.securityfocus.com/bid/47135

www.securitytracker.com/id?1025284

www.vupen.com/english/advisories/2011/0855

www.vupen.com/english/advisories/2011/0858

www.vupen.com/english/advisories/2011/1010

www.vupen.com/english/advisories/2011/1172

bugs.webkit.org/show_bug.cgi?id=52688

bugzilla.redhat.com/show_bug.cgi?id=692133

exchange.xforce.ibmcloud.com/vulnerabilities/66506

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

Related for NVD:CVE-2011-1425

oraclelinux1 openvas15 ubuntucve2 cve2 securityvulns2 debian1 nessus8 cvelist2 centos1 redhat1 debiancve1 prion2 nvd1 freebsd1 gentoo1