5.1
CVE-2011-1425
- EPSS 8.06%
- Veröffentlicht 04.04.2011 12:27:57
- Zuletzt bearbeitet 16.06.2026 23:29:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aleksey ≫ Xml Security Library Version <= 1.2.16
Aleksey ≫ Xml Security Library Version0.0.1
Aleksey ≫ Xml Security Library Version0.0.2
Aleksey ≫ Xml Security Library Version0.0.2a
Aleksey ≫ Xml Security Library Version0.0.3
Aleksey ≫ Xml Security Library Version0.0.4
Aleksey ≫ Xml Security Library Version0.0.5
Aleksey ≫ Xml Security Library Version0.0.6
Aleksey ≫ Xml Security Library Version0.0.7
Aleksey ≫ Xml Security Library Version0.0.8
Aleksey ≫ Xml Security Library Version0.0.9
Aleksey ≫ Xml Security Library Version0.0.10
Aleksey ≫ Xml Security Library Version0.0.11
Aleksey ≫ Xml Security Library Version0.0.12
Aleksey ≫ Xml Security Library Version0.0.13
Aleksey ≫ Xml Security Library Version0.0.14
Aleksey ≫ Xml Security Library Version0.0.15
Aleksey ≫ Xml Security Library Version0.1.0
Aleksey ≫ Xml Security Library Version0.1.1
Aleksey ≫ Xml Security Library Version1.0.0
Aleksey ≫ Xml Security Library Version1.0.0 Updaterc1
Aleksey ≫ Xml Security Library Version1.0.1
Aleksey ≫ Xml Security Library Version1.0.2
Aleksey ≫ Xml Security Library Version1.0.3
Aleksey ≫ Xml Security Library Version1.0.4
Aleksey ≫ Xml Security Library Version1.1.0
Aleksey ≫ Xml Security Library Version1.1.1
Aleksey ≫ Xml Security Library Version1.1.2
Aleksey ≫ Xml Security Library Version1.2.0
Aleksey ≫ Xml Security Library Version1.2.1
Aleksey ≫ Xml Security Library Version1.2.2
Aleksey ≫ Xml Security Library Version1.2.3
Aleksey ≫ Xml Security Library Version1.2.4
Aleksey ≫ Xml Security Library Version1.2.5
Aleksey ≫ Xml Security Library Version1.2.6
Aleksey ≫ Xml Security Library Version1.2.7
Aleksey ≫ Xml Security Library Version1.2.8
Aleksey ≫ Xml Security Library Version1.2.9
Aleksey ≫ Xml Security Library Version1.2.10
Aleksey ≫ Xml Security Library Version1.2.11
Aleksey ≫ Xml Security Library Version1.2.13
Aleksey ≫ Xml Security Library Version1.2.14
Aleksey ≫ Xml Security Library Version1.2.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.06% | 0.941 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://trac.webkit.org/changeset/79159
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securityfocus.com/bid/47135
http://www.securitytracker.com/id?1025284
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
https://bugs.webkit.org/show_bug.cgi?id=52688
https://bugzilla.redhat.com/show_bug.cgi?id=692133
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506