CVE-2011-1425
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
04/04/2011
Last modified:
17/08/2017
Description
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Impact
Base Score 2.0
5.10
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:* | 1.2.16 (including) | |
cpe:2.3:a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:* | ||
cpe:2.3:a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
- http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
- http://secunia.com/advisories/43920
- http://secunia.com/advisories/44167
- http://secunia.com/advisories/44423
- http://trac.webkit.org/changeset/79159
- http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
- http://www.debian.org/security/2011/dsa-2219
- http://www.mandriva.com/security/advisories?name=MDVSA-2011%3A063
- http://www.redhat.com/support/errata/RHSA-2011-0486.html
- http://www.securityfocus.com/bid/47135
- http://www.securitytracker.com/id?1025284=
- http://www.vupen.com/english/advisories/2011/0855
- http://www.vupen.com/english/advisories/2011/0858
- http://www.vupen.com/english/advisories/2011/1010
- http://www.vupen.com/english/advisories/2011/1172
- https://bugs.webkit.org/show_bug.cgi?id=52688
- https://bugzilla.redhat.com/show_bug.cgi?id=692133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66506