CVE-2011-1425
CVE-2011-1425
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/17993no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fahttps://bugs.webkit.org/show_bug.cgi?id=52688https://bugzilla.redhat.com/show_bug.cgi?id=692133http://secunia.com/advisories/43920http://secunia.com/advisories/44167http://secunia.com/advisories/44423https://exchange.xforce.ibmcloud.com/vulnerabilities/66506http://trac.webkit.org/changeset/79159http://www.aleksey.com/pipermail/xmlsec/2011/009120.htmlhttp://www.debian.org/security/2011/dsa-2219http://www.mandriva.com/security/advisories?name=MDVSA-2011:063