CVE

CVE-2011-1425
Date: (C)2011-04-04   (M)2023-12-22


xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1025284
SECUNIA-43920
SECUNIA-44167
SECUNIA-44423
BID-47135
ADV-2011-0855
ADV-2011-0858
ADV-2011-1010
ADV-2011-1172
DSA-2219
MDVSA-2011:063
RHSA-2011:0486
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
http://trac.webkit.org/changeset/79159
https://bugs.webkit.org/show_bug.cgi?id=52688
https://bugzilla.redhat.com/show_bug.cgi?id=692133
xmlsecurity-xmlfiles-sec-bypass(66506)

CPE    1
cpe:/a:apple:webkit
CWE    1
CWE-264
OVAL    7
oval:org.secpod.oval:def:201668
oval:org.secpod.oval:def:200402
oval:org.secpod.oval:def:300435
oval:org.secpod.oval:def:201563
...

© SecPod Technologies