Vulnerability Details CVE-2011-1425
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.5%
CVSS Severity
CVSS v2 Score 5.1
References
- http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
- http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
- http://secunia.com/advisories/43920
- http://secunia.com/advisories/44167
- http://secunia.com/advisories/44423
- http://trac.webkit.org/changeset/79159
- http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
- http://www.debian.org/security/2011/dsa-2219
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
- http://www.redhat.com/support/errata/RHSA-2011-0486.html
- http://www.securityfocus.com/bid/47135
- http://www.securitytracker.com/id?1025284
- http://www.vupen.com/english/advisories/2011/0855
- http://www.vupen.com/english/advisories/2011/0858
- http://www.vupen.com/english/advisories/2011/1010
- http://www.vupen.com/english/advisories/2011/1172
- https://bugs.webkit.org/show_bug.cgi?id=52688
- https://bugzilla.redhat.com/show_bug.cgi?id=692133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
- http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
- http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
- http://secunia.com/advisories/43920
- http://secunia.com/advisories/44167
- http://secunia.com/advisories/44423
- http://trac.webkit.org/changeset/79159
- http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
- http://www.debian.org/security/2011/dsa-2219
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
- http://www.redhat.com/support/errata/RHSA-2011-0486.html
- http://www.securityfocus.com/bid/47135
- http://www.securitytracker.com/id?1025284
- http://www.vupen.com/english/advisories/2011/0855
- http://www.vupen.com/english/advisories/2011/0858
- http://www.vupen.com/english/advisories/2011/1010
- http://www.vupen.com/english/advisories/2011/1172
- https://bugs.webkit.org/show_bug.cgi?id=52688
- https://bugzilla.redhat.com/show_bug.cgi?id=692133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
Products affected by CVE-2011-1425
-
cpe:2.3:a:aleksey:xml_security_library:*
-
cpe:2.3:a:aleksey:xml_security_library:0.0.1
-
cpe:2.3:a:aleksey:xml_security_library:0.0.10
-
cpe:2.3:a:aleksey:xml_security_library:0.0.11
-
cpe:2.3:a:aleksey:xml_security_library:0.0.12
-
cpe:2.3:a:aleksey:xml_security_library:0.0.13
-
cpe:2.3:a:aleksey:xml_security_library:0.0.14
-
cpe:2.3:a:aleksey:xml_security_library:0.0.15
-
cpe:2.3:a:aleksey:xml_security_library:0.0.2
-
cpe:2.3:a:aleksey:xml_security_library:0.0.2a
-
cpe:2.3:a:aleksey:xml_security_library:0.0.3
-
cpe:2.3:a:aleksey:xml_security_library:0.0.4
-
cpe:2.3:a:aleksey:xml_security_library:0.0.5
-
cpe:2.3:a:aleksey:xml_security_library:0.0.6
-
cpe:2.3:a:aleksey:xml_security_library:0.0.7
-
cpe:2.3:a:aleksey:xml_security_library:0.0.8
-
cpe:2.3:a:aleksey:xml_security_library:0.0.9
-
cpe:2.3:a:aleksey:xml_security_library:0.1.0
-
cpe:2.3:a:aleksey:xml_security_library:0.1.1
-
cpe:2.3:a:aleksey:xml_security_library:1.0.0
-
cpe:2.3:a:aleksey:xml_security_library:1.0.1
-
cpe:2.3:a:aleksey:xml_security_library:1.0.2
-
cpe:2.3:a:aleksey:xml_security_library:1.0.3
-
cpe:2.3:a:aleksey:xml_security_library:1.0.4
-
cpe:2.3:a:aleksey:xml_security_library:1.1.0
-
cpe:2.3:a:aleksey:xml_security_library:1.1.1
-
cpe:2.3:a:aleksey:xml_security_library:1.1.2
-
cpe:2.3:a:aleksey:xml_security_library:1.2.0
-
cpe:2.3:a:aleksey:xml_security_library:1.2.1
-
cpe:2.3:a:aleksey:xml_security_library:1.2.10
-
cpe:2.3:a:aleksey:xml_security_library:1.2.11
-
cpe:2.3:a:aleksey:xml_security_library:1.2.13
-
cpe:2.3:a:aleksey:xml_security_library:1.2.14
-
cpe:2.3:a:aleksey:xml_security_library:1.2.15
-
cpe:2.3:a:aleksey:xml_security_library:1.2.2
-
cpe:2.3:a:aleksey:xml_security_library:1.2.3
-
cpe:2.3:a:aleksey:xml_security_library:1.2.4
-
cpe:2.3:a:aleksey:xml_security_library:1.2.5
-
cpe:2.3:a:aleksey:xml_security_library:1.2.6
-
cpe:2.3:a:aleksey:xml_security_library:1.2.7
-
cpe:2.3:a:aleksey:xml_security_library:1.2.8
-
cpe:2.3:a:aleksey:xml_security_library:1.2.9
-
cpe:2.3:a:apple:webkit:-
-
cpe:2.3:a:apple:webkit:103
-
cpe:2.3:a:apple:webkit:106.2
-
cpe:2.3:a:apple:webkit:124
-
cpe:2.3:a:apple:webkit:125.2
-
cpe:2.3:a:apple:webkit:125.4
-
cpe:2.3:a:apple:webkit:125.5.5
-
cpe:2.3:a:apple:webkit:125.5.7
-
cpe:2.3:a:apple:webkit:254245
-
cpe:2.3:a:apple:webkit:254246
-
cpe:2.3:a:apple:webkit:254248
-
cpe:2.3:a:apple:webkit:254249
-
cpe:2.3:a:apple:webkit:254250
-
cpe:2.3:a:apple:webkit:254251
-
cpe:2.3:a:apple:webkit:254252
-
cpe:2.3:a:apple:webkit:254253
-
cpe:2.3:a:apple:webkit:254254
-
cpe:2.3:a:apple:webkit:254255
-
cpe:2.3:a:apple:webkit:254256
-
cpe:2.3:a:apple:webkit:254257
-
cpe:2.3:a:apple:webkit:254259
-
cpe:2.3:a:apple:webkit:254260
-
cpe:2.3:a:apple:webkit:254262
-
cpe:2.3:a:apple:webkit:254264
-
cpe:2.3:a:apple:webkit:254265
-
cpe:2.3:a:apple:webkit:254266
-
cpe:2.3:a:apple:webkit:254268
-
cpe:2.3:a:apple:webkit:254269
-
cpe:2.3:a:apple:webkit:254271
-
cpe:2.3:a:apple:webkit:254281
-
cpe:2.3:a:apple:webkit:254285
-
cpe:2.3:a:apple:webkit:254286
-
cpe:2.3:a:apple:webkit:254287
-
cpe:2.3:a:apple:webkit:254288
-
cpe:2.3:a:apple:webkit:254290
-
cpe:2.3:a:apple:webkit:254291
-
cpe:2.3:a:apple:webkit:254293
-
cpe:2.3:a:apple:webkit:254294
-
cpe:2.3:a:apple:webkit:254946
-
cpe:2.3:a:apple:webkit:254947
-
cpe:2.3:a:apple:webkit:254948
-
cpe:2.3:a:apple:webkit:254949
-
cpe:2.3:a:apple:webkit:254950
-
cpe:2.3:a:apple:webkit:254951
-
cpe:2.3:a:apple:webkit:254952
-
cpe:2.3:a:apple:webkit:254953
-
cpe:2.3:a:apple:webkit:254954
-
cpe:2.3:a:apple:webkit:254955
-
cpe:2.3:a:apple:webkit:254956
-
cpe:2.3:a:apple:webkit:254957
-
cpe:2.3:a:apple:webkit:254958
-
cpe:2.3:a:apple:webkit:254959
-
cpe:2.3:a:apple:webkit:254960
-
cpe:2.3:a:apple:webkit:254961
-
cpe:2.3:a:apple:webkit:254962
-
cpe:2.3:a:apple:webkit:254963
-
cpe:2.3:a:apple:webkit:254964
-
cpe:2.3:a:apple:webkit:254965
-
cpe:2.3:a:apple:webkit:254969
-
cpe:2.3:a:apple:webkit:254970
-
cpe:2.3:a:apple:webkit:254971
-
cpe:2.3:a:apple:webkit:254975
-
cpe:2.3:a:apple:webkit:254976
-
cpe:2.3:a:apple:webkit:254977
-
cpe:2.3:a:apple:webkit:254978
-
cpe:2.3:a:apple:webkit:254979
-
cpe:2.3:a:apple:webkit:254981
-
cpe:2.3:a:apple:webkit:254982
-
cpe:2.3:a:apple:webkit:312.1
-
cpe:2.3:a:apple:webkit:312.5
-
cpe:2.3:a:apple:webkit:312.5.2
-
cpe:2.3:a:apple:webkit:312.8
-
cpe:2.3:a:apple:webkit:312.8.1
-
cpe:2.3:a:apple:webkit:412
-
cpe:2.3:a:apple:webkit:412.6
-
cpe:2.3:a:apple:webkit:412.7
-
cpe:2.3:a:apple:webkit:413
-
cpe:2.3:a:apple:webkit:416.11
-
cpe:2.3:a:apple:webkit:416.12
-
cpe:2.3:a:apple:webkit:417.10
-
cpe:2.3:a:apple:webkit:417.9
-
cpe:2.3:a:apple:webkit:418
-
cpe:2.3:a:apple:webkit:418.8
-
cpe:2.3:a:apple:webkit:418.9
-
cpe:2.3:a:apple:webkit:418.9.1
-
cpe:2.3:a:apple:webkit:419
-
cpe:2.3:a:apple:webkit:419.2
-
cpe:2.3:a:apple:webkit:419.2.1
-
cpe:2.3:a:apple:webkit:420
-
cpe:2.3:a:apple:webkit:51
-
cpe:2.3:a:apple:webkit:512.11
-
cpe:2.3:a:apple:webkit:512.11.3
-
cpe:2.3:a:apple:webkit:522
-
cpe:2.3:a:apple:webkit:522.10.1
-
cpe:2.3:a:apple:webkit:522.12.1
-
cpe:2.3:a:apple:webkit:522.13.1
-
cpe:2.3:a:apple:webkit:522.8.2
-
cpe:2.3:a:apple:webkit:53524
-
cpe:2.3:a:apple:webkit:85
-
cpe:2.3:a:apple:webkit:85.7
-
cpe:2.3:a:apple:webkit:85.8.2
-
cpe:2.3:a:apple:webkit:85.8.5