CVE-2011-1425

Опубликовано: 04 апр. 2011

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:*

Версия до 1.2.16 (включая)

cpe:2.3:a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.13:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.14:*:*:*:*:*:*:*

cpe:2.3:a:aleksey:xml_security_library:1.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.09609

Низкий

5.1 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2011-1425

ubuntu

около 14 лет назад

CVE-2011-1425

redhat

около 14 лет назад

CVE-2011-1425

debian

около 14 лет назад

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in ...

GHSA-63qq-pm7h-vc34

github

около 3 лет назад

ELSA-2011-0486

oracle-oval

около 14 лет назад

ELSA-2011-0486: xmlsec1 security and bug fix update (MODERATE)

EPSS

Процентиль: 92%

0.09609

Низкий

5.1 Medium

CVSS2

Дефекты

CWE-264