5.1

CVE-2011-1425

EPSS 9.9%
Veröffentlicht 04.04.2011 12:27:57
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aleksey ≫ Xml Security Library Version <= 1.2.16

Aleksey ≫ Xml Security Library Version0.0.1

Aleksey ≫ Xml Security Library Version0.0.2

Aleksey ≫ Xml Security Library Version0.0.2a

Aleksey ≫ Xml Security Library Version0.0.3

Aleksey ≫ Xml Security Library Version0.0.4

Aleksey ≫ Xml Security Library Version0.0.5

Aleksey ≫ Xml Security Library Version0.0.6

Aleksey ≫ Xml Security Library Version0.0.7

Aleksey ≫ Xml Security Library Version0.0.8

Aleksey ≫ Xml Security Library Version0.0.9

Aleksey ≫ Xml Security Library Version0.0.10

Aleksey ≫ Xml Security Library Version0.0.11

Aleksey ≫ Xml Security Library Version0.0.12

Aleksey ≫ Xml Security Library Version0.0.13

Aleksey ≫ Xml Security Library Version0.0.14

Aleksey ≫ Xml Security Library Version0.0.15

Aleksey ≫ Xml Security Library Version0.1.0

Aleksey ≫ Xml Security Library Version0.1.1

Aleksey ≫ Xml Security Library Version1.0.0

Aleksey ≫ Xml Security Library Version1.0.0 Updaterc1

Aleksey ≫ Xml Security Library Version1.0.1

Aleksey ≫ Xml Security Library Version1.0.2

Aleksey ≫ Xml Security Library Version1.0.3

Aleksey ≫ Xml Security Library Version1.0.4

Aleksey ≫ Xml Security Library Version1.1.0

Aleksey ≫ Xml Security Library Version1.1.1

Aleksey ≫ Xml Security Library Version1.1.2

Aleksey ≫ Xml Security Library Version1.2.0

Aleksey ≫ Xml Security Library Version1.2.1

Aleksey ≫ Xml Security Library Version1.2.2

Aleksey ≫ Xml Security Library Version1.2.3

Aleksey ≫ Xml Security Library Version1.2.4

Aleksey ≫ Xml Security Library Version1.2.5

Aleksey ≫ Xml Security Library Version1.2.6

Aleksey ≫ Xml Security Library Version1.2.7

Aleksey ≫ Xml Security Library Version1.2.8

Aleksey ≫ Xml Security Library Version1.2.9

Aleksey ≫ Xml Security Library Version1.2.10

Aleksey ≫ Xml Security Library Version1.2.11

Aleksey ≫ Xml Security Library Version1.2.13

Aleksey ≫ Xml Security Library Version1.2.14

Aleksey ≫ Xml Security Library Version1.2.15

Apple ≫ WebKit

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.9%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780

Patch

http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa

Patch

http://secunia.com/advisories/43920

Vendor Advisory

http://secunia.com/advisories/44167

http://secunia.com/advisories/44423

http://trac.webkit.org/changeset/79159

http://www.aleksey.com/pipermail/xmlsec/2011/009120.html

Patch

http://www.debian.org/security/2011/dsa-2219

http://www.mandriva.com/security/advisories?name=MDVSA-2011:063

http://www.redhat.com/support/errata/RHSA-2011-0486.html

http://www.securityfocus.com/bid/47135

http://www.securitytracker.com/id?1025284

http://www.vupen.com/english/advisories/2011/0855

http://www.vupen.com/english/advisories/2011/0858

http://www.vupen.com/english/advisories/2011/1010

http://www.vupen.com/english/advisories/2011/1172

https://bugs.webkit.org/show_bug.cgi?id=52688

https://bugzilla.redhat.com/show_bug.cgi?id=692133

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

https://nvd.nist.gov/vuln/detail/CVE-2011-1425

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1425

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1425

EUVD