5.1

CVE-2011-1425

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AlekseyXml Security Library Version <= 1.2.16
AlekseyXml Security Library Version0.0.1
AlekseyXml Security Library Version0.0.2
AlekseyXml Security Library Version0.0.2a
AlekseyXml Security Library Version0.0.3
AlekseyXml Security Library Version0.0.4
AlekseyXml Security Library Version0.0.5
AlekseyXml Security Library Version0.0.6
AlekseyXml Security Library Version0.0.7
AlekseyXml Security Library Version0.0.8
AlekseyXml Security Library Version0.0.9
AlekseyXml Security Library Version0.0.10
AlekseyXml Security Library Version0.0.11
AlekseyXml Security Library Version0.0.12
AlekseyXml Security Library Version0.0.13
AlekseyXml Security Library Version0.0.14
AlekseyXml Security Library Version0.0.15
AlekseyXml Security Library Version0.1.0
AlekseyXml Security Library Version0.1.1
AlekseyXml Security Library Version1.0.0
AlekseyXml Security Library Version1.0.0 Updaterc1
AlekseyXml Security Library Version1.0.1
AlekseyXml Security Library Version1.0.2
AlekseyXml Security Library Version1.0.3
AlekseyXml Security Library Version1.0.4
AlekseyXml Security Library Version1.1.0
AlekseyXml Security Library Version1.1.1
AlekseyXml Security Library Version1.1.2
AlekseyXml Security Library Version1.2.0
AlekseyXml Security Library Version1.2.1
AlekseyXml Security Library Version1.2.2
AlekseyXml Security Library Version1.2.3
AlekseyXml Security Library Version1.2.4
AlekseyXml Security Library Version1.2.5
AlekseyXml Security Library Version1.2.6
AlekseyXml Security Library Version1.2.7
AlekseyXml Security Library Version1.2.8
AlekseyXml Security Library Version1.2.9
AlekseyXml Security Library Version1.2.10
AlekseyXml Security Library Version1.2.11
AlekseyXml Security Library Version1.2.13
AlekseyXml Security Library Version1.2.14
AlekseyXml Security Library Version1.2.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.06% 0.941
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
Patch
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
Patch
http://secunia.com/advisories/43920
Vendor Advisory
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://trac.webkit.org/changeset/79159
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
Patch
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securityfocus.com/bid/47135
http://www.securitytracker.com/id?1025284
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
https://bugs.webkit.org/show_bug.cgi?id=52688
https://bugzilla.redhat.com/show_bug.cgi?id=692133
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506