AI Score: 6.8 Medium (Confidence: Low)
CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 0.012 Low (Percentile: 85.1%)
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
secunia.com/advisories/43920
secunia.com/advisories/44167
secunia.com/advisories/44423
trac.webkit.org/changeset/79159
www.aleksey.com/pipermail/xmlsec/2011/009120.html
www.debian.org/security/2011/dsa-2219
www.mandriva.com/security/advisories?name=MDVSA-2011:063
www.redhat.com/support/errata/RHSA-2011-0486.html
www.securityfocus.com/bid/47135
www.securitytracker.com/id?1025284
www.vupen.com/english/advisories/2011/0855
www.vupen.com/english/advisories/2011/0858
www.vupen.com/english/advisories/2011/1010
www.vupen.com/english/advisories/2011/1172
bugs.webkit.org/show_bug.cgi?id=52688
bugzilla.redhat.com/show_bug.cgi?id=692133
exchange.xforce.ibmcloud.com/vulnerabilities/66506