CVE - CVE-2011-1425

CVE-ID
CVE-2011-1425	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:47135 URL:http://www.securityfocus.com/bid/47135 CONFIRM:http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780 CONFIRM:http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa CONFIRM:http://trac.webkit.org/changeset/79159 CONFIRM:https://bugs.webkit.org/show_bug.cgi?id=52688 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=692133 DEBIAN:DSA-2219 URL:http://www.debian.org/security/2011/dsa-2219 MANDRIVA:MDVSA-2011:063 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:063~~ (Obsolete source) MLIST:[xmlsec] 20110331 New xmlsec 1.2.17 release URL:http://www.aleksey.com/pipermail/xmlsec/2011/009120.html REDHAT:RHSA-2011:0486 URL:http://www.redhat.com/support/errata/RHSA-2011-0486.html SECTRACK:1025284 URL:http://www.securitytracker.com/id?1025284 SECUNIA:43920 URL:http://secunia.com/advisories/43920 SECUNIA:44167 URL:http://secunia.com/advisories/44167 SECUNIA:44423 URL:http://secunia.com/advisories/44423 VUPEN:ADV-2011-0855 URL:~~http://www.vupen.com/english/advisories/2011/0855~~ (Obsolete source) VUPEN:ADV-2011-0858 URL:~~http://www.vupen.com/english/advisories/2011/0858~~ (Obsolete source) VUPEN:ADV-2011-1010 URL:~~http://www.vupen.com/english/advisories/2011/1010~~ (Obsolete source) VUPEN:ADV-2011-1172 URL:~~http://www.vupen.com/english/advisories/2011/1172~~ (Obsolete source) XF:xmlsecurity-xmlfiles-sec-bypass(66506) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
Assigning CNA
MITRE Corporation
Date Record Created
20110314	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110314)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)