Vulnerability Description
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aleksey | Xml Security Library | <= 1.2.16 |
| Apple | Webkit | All versions |
Related Weaknesses (CWE)
References
- http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb51 (Patch)
- http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8 (Patch)
- http://secunia.com/advisories/43920 (Vendor Advisory)
- http://secunia.com/advisories/44167
- http://secunia.com/advisories/44423
- http://trac.webkit.org/changeset/79159
- http://www.aleksey.com/pipermail/xmlsec/2011/009120.html (Patch)
- http://www.debian.org/security/2011/dsa-2219
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
- http://www.redhat.com/support/errata/RHSA-2011-0486.html
- http://www.securityfocus.com/bid/47135
- http://www.securitytracker.com/id?1025284
- http://www.vupen.com/english/advisories/2011/0855
- http://www.vupen.com/english/advisories/2011/0858
- http://www.vupen.com/english/advisories/2011/1010
FAQ
What is CVE-2011-1425?
CVE-2011-1425 is a vulnerability with a CVSS score of 5.1 (MEDIUM). xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involv...
How severe is CVE-2011-1425?
CVE-2011-1425 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-1425?
Check the references section above for vendor advisories and patch information. Affected products include: Aleksey Xml Security Library, Apple Webkit.