PRIOn knowledge basePRION:CVE-2011-1202

HistoryMar 11, 2011 - 2:01 a.m.

Design/Logic Flaw

2011-03-1102:01:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.1%

JSON

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

CPENameOperatorVersion
chromelt10.0.648.127
libxsltle1.1.26

CPE	Name	Operator	Version
	chrome	lt	10.0.648.127
	libxslt	le	1.1.26

References

downloads.avaya.com/css/P8/documents/100144158

git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f

www.mandriva.com/security/advisories?name=MDVSA-2011:079

www.mandriva.com/security/advisories?name=MDVSA-2012:164

www.securityfocus.com/bid/46785

www.vupen.com/english/advisories/2011/0628

bugzilla.redhat.com/show_bug.cgi?id=684386

code.google.com/p/chromium/issues/detail?id=73716

exchange.xforce.ibmcloud.com/vulnerabilities/65966

googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244

scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.1%

JSON

Related for PRION:CVE-2011-1202