CVE-2011-1425
CVE-2011-1425
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/17993não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fahttps://bugs.webkit.org/show_bug.cgi?id=52688https://bugzilla.redhat.com/show_bug.cgi?id=692133http://secunia.com/advisories/43920http://secunia.com/advisories/44167http://secunia.com/advisories/44423https://exchange.xforce.ibmcloud.com/vulnerabilities/66506http://trac.webkit.org/changeset/79159http://www.aleksey.com/pipermail/xmlsec/2011/009120.htmlhttp://www.debian.org/security/2011/dsa-2219http://www.mandriva.com/security/advisories?name=MDVSA-2011:063