CVE-2011-1425 - OpenCVE

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Webkit
Aleksey	Xml Security Library

Configuration 1 [-]

OR	cpe:2.3:a:aleksey:xml_security_library::::::::
	cpe:2.3:a:aleksey:xml_security_library:0.0.1:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.2:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.2a:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.3:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.4:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.5:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.6:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.7:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.8:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.9:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.10:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.11:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.12:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.13:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.14:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.0.15:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.1.0:::::::*
	cpe:2.3:a:aleksey:xml_security_library:0.1.1:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.0.0:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.0.0:rc1::::::
	cpe:2.3:a:aleksey:xml_security_library:1.0.1:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.0.2:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.0.3:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.0.4:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.1.0:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.1.1:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.1.2:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.0:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.1:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.2:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.3:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.4:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.5:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.6:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.7:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.8:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.9:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.10:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.11:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.13:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.14:::::::*
	cpe:2.3:a:aleksey:xml_security_library:1.2.15:::::::*
	cpe:2.3:a:apple:webkit::::::::

References

Link	Resource
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780	Patch
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa	Patch
http://secunia.com/advisories/43920	Vendor Advisory
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://trac.webkit.org/changeset/79159
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html	Patch
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securityfocus.com/bid/47135
http://www.securitytracker.com/id?1025284
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
https://bugs.webkit.org/show_bug.cgi?id=52688
https://bugzilla.redhat.com/show_bug.cgi?id=692133	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506