CVE-2011-1202 - OpenCVE

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xmlsoft	Libxslt
Google	Chrome

Configuration 1 [-]

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:xmlsoft:libxslt::::::::

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=73716	Exploit Issue Tracking Patch Vendor Advisory
http://downloads.avaya.com/css/P8/documents/100144158	Third Party Advisory
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f	Patch Third Party Advisory
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html	Vendor Advisory
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164	Third Party Advisory
http://www.securityfocus.com/bid/46785	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0628	Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=684386	Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-03-11T01:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2011-03-03T00:00:00

Link: CVE-2011-1202

JSON object: View

NVD Information

Status : Analyzed

Published: 2011-03-11T02:01:20.200

Modified: 2020-06-04T14:16:14.097

Link: CVE-2011-1202

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:14244", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"}, {"name": "46785", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46785"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"}, {"name": "MDVSA-2011:079", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"}, {"tags": ["x_refsource_MISC"], "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=73716"}, {"name": "google-xslt-info-disclosure(65966)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"}, {"name": "MDVSA-2012:164", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.avaya.com/css/P8/documents/100144158"}, {"name": "ADV-2011-0628", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0628"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:14244", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"}, {"name": "46785", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46785"}, {"name": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f", "refsource": "CONFIRM", "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"}, {"name": "MDVSA-2011:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"}, {"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"}, {"name": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", "refsource": "MISC", "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"}, {"name": "http://code.google.com/p/chromium/issues/detail?id=73716", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=73716"}, {"name": "google-xslt-info-disclosure(65966)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"}, {"name": "MDVSA-2012:164", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"}, {"name": "http://downloads.avaya.com/css/P8/documents/100144158", "refsource": "CONFIRM", "url": "http://downloads.avaya.com/css/P8/documents/100144158"}, {"name": "ADV-2011-0628", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0628"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1202", "datePublished": "2011-03-11T01:00:00", "dateReserved": "2011-03-03T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7AD8B5C-C973-4445-B111-716D9814CE79", "versionEndExcluding": "10.0.648.127", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9251F19D-BEA4-4ED4-9A4B-EA89E795C6D0", "versionEndIncluding": "1.1.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la implementaci\u00f3n XSLT en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las direcciones de memoria en el mont\u00f3n mediante vectores desconocidos."}], "id": "CVE-2011-1202", "lastModified": "2020-06-04T14:16:14.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-03-11T02:01:20.200", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://code.google.com/p/chromium/issues/detail?id=73716"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://downloads.avaya.com/css/P8/documents/100144158"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/46785"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0628"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}