Lucene search

[email protected]NVD:CVE-2012-0057

HistoryFeb 02, 2012 - 12:55 a.m.

CVE-2012-0057

2012-02-0200:55:01

CWE-264

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Affected configurations

NVD

Node

phpphpRange≤5.3.8

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

phpphpMatch5.2.15

phpphpMatch5.2.16

phpphpMatch5.2.17

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

phpphpMatch5.3.6

phpphpMatch5.3.7

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

openwall.com/lists/oss-security/2012/01/13/10

openwall.com/lists/oss-security/2012/01/13/4

openwall.com/lists/oss-security/2012/01/13/5

openwall.com/lists/oss-security/2012/01/13/6

openwall.com/lists/oss-security/2012/01/13/7

openwall.com/lists/oss-security/2012/01/14/1

openwall.com/lists/oss-security/2012/01/14/2

openwall.com/lists/oss-security/2012/01/14/3

openwall.com/lists/oss-security/2012/01/15/1

openwall.com/lists/oss-security/2012/01/15/10

openwall.com/lists/oss-security/2012/01/15/2

openwall.com/lists/oss-security/2012/01/18/3

php.net/ChangeLog-5.php#5.3.9

secunia.com/advisories/48668

www.debian.org/security/2012/dsa-2399

bugs.php.net/bug.php?id=54446

exchange.xforce.ibmcloud.com/vulnerabilities/72908

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for NVD:CVE-2012-0057

seebug2 cve1 prion1 ubuntucve1 openvas33 cvelist1 nessus26 suse5 freebsd1 oraclelinux3 debian2 osv1 veracode6 centos3 redhat3 ubuntu2 gentoo1 f52