Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-0057
HistoryFeb 01, 2012 - 12:00 a.m.

CVE-2012-0057

2012-02-0100:00:00
ubuntu.com
ubuntu.com
20

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.007

Percentile

80.1%

PHP before 5.3.9 has improper libxslt security settings, which allows
remote attackers to create arbitrary files via a crafted XSLT stylesheet
that uses the libxslt output extension.

Bugs

Notes

Author Note
jdstrand watch out for Debian regression (658087) for DSA-2399-1 in php5-xsl
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.22UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.13UNKNOWN
ubuntu10.10noarchphp5< 5.3.3-1ubuntu9.9UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.6UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.5UNKNOWN

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.007

Percentile

80.1%