Home > Vulnerability Database > CVE-2011-1425

Mend.io Vulnerability Database

CVE-2011-1425

Good to know:

Date: April 2, 2011

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Language: C

Severity Score

5.6

Related Resources (23)

Url: http://www.securityfocus.com/bid/47135

Url: http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780

Url: http://www.vupen.com/english/advisories/2011/1172

Url: http://www.debian.org/security/2011/dsa-2219

Url: https://security-tracker.debian.org/tracker/CVE-2011-1425

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

Url: http://www.vupen.com/english/advisories/2011/0855

Url: http://www.redhat.com/support/errata/RHSA-2011-0486.html

Url: http://secunia.com/advisories/44167

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:063

Url: https://bugs.webkit.org/show_bug.cgi?id=52688

Url: http://trac.webkit.org/changeset/79159

Url: https://bugzilla.redhat.com/show_bug.cgi?id=692133

Url: http://www.securitytracker.com/id?1025284

Url: http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa

Url: http://www.vupen.com/english/advisories/2011/0858

Url: http://www.aleksey.com/pipermail/xmlsec/2011/009120.html

Url: http://www.vupen.com/english/advisories/2011/1010

Url: http://secunia.com/advisories/43920

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-1425

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1425

Url: http://secunia.com/advisories/44423

Url: https://www.mend.io/vulnerability-database/CVE-2011-1425

Severity Score

5.6

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

Upgrade Version

Upgrade to version xmlsec-1_2_17

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-1425

Good to know:

Date: April 2, 2011

Language: C

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?