ID CVE-2012-2870
Summary libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
References
Vulnerable Configurations
  • Apple iPhone OS 6.1.4
    cpe:2.3:o:apple:iphone_os:6.1.4
  • Apple iPhone OS 1.0.0
    cpe:2.3:o:apple:iphone_os:1.0.0
  • Apple iPhone OS 1.0.1
    cpe:2.3:o:apple:iphone_os:1.0.1
  • Apple iPhone OS 1.0.2
    cpe:2.3:o:apple:iphone_os:1.0.2
  • Apple iPhone OS 1.1.0
    cpe:2.3:o:apple:iphone_os:1.1.0
  • Apple iPhone OS 1.1.1
    cpe:2.3:o:apple:iphone_os:1.1.1
  • Apple iPhone OS 1.1.2
    cpe:2.3:o:apple:iphone_os:1.1.2
  • Apple iPhone OS 1.1.3
    cpe:2.3:o:apple:iphone_os:1.1.3
  • Apple iPhone OS 1.1.4
    cpe:2.3:o:apple:iphone_os:1.1.4
  • Apple iPhone OS 1.1.5
    cpe:2.3:o:apple:iphone_os:1.1.5
  • Apple iPhone OS 2.0
    cpe:2.3:o:apple:iphone_os:2.0
  • Apple iPhone OS 2.0.0
    cpe:2.3:o:apple:iphone_os:2.0.0
  • Apple iPhone OS 2.0.1
    cpe:2.3:o:apple:iphone_os:2.0.1
  • Apple iPhone OS 2.0.2
    cpe:2.3:o:apple:iphone_os:2.0.2
  • Apple iPhone OS 2.1
    cpe:2.3:o:apple:iphone_os:2.1
  • Apple iPhone OS 2.1.1
    cpe:2.3:o:apple:iphone_os:2.1.1
  • Apple iPhone OS 2.2
    cpe:2.3:o:apple:iphone_os:2.2
  • Apple iPhone OS 2.2.1
    cpe:2.3:o:apple:iphone_os:2.2.1
  • Apple iPhone OS 3.0
    cpe:2.3:o:apple:iphone_os:3.0
  • Apple iPhone OS 3.0.1
    cpe:2.3:o:apple:iphone_os:3.0.1
  • Apple iPhone OS 3.1
    cpe:2.3:o:apple:iphone_os:3.1
  • Apple iPhone OS 3.1.2
    cpe:2.3:o:apple:iphone_os:3.1.2
  • Apple iPhone OS 3.1.3
    cpe:2.3:o:apple:iphone_os:3.1.3
  • Apple iPhone OS 3.2
    cpe:2.3:o:apple:iphone_os:3.2
  • Apple iPhone OS 3.2.1
    cpe:2.3:o:apple:iphone_os:3.2.1
  • Apple iPhone OS 3.2.2
    cpe:2.3:o:apple:iphone_os:3.2.2
  • Apple iPhone OS 4.0
    cpe:2.3:o:apple:iphone_os:4.0
  • Apple iPhone OS 4.0.1
    cpe:2.3:o:apple:iphone_os:4.0.1
  • Apple iPhone OS 4.0.2
    cpe:2.3:o:apple:iphone_os:4.0.2
  • Apple iPhone OS 4.1
    cpe:2.3:o:apple:iphone_os:4.1
  • Apple iPhone OS 4.2.1
    cpe:2.3:o:apple:iphone_os:4.2.1
  • Apple iPhone OS 4.2.5
    cpe:2.3:o:apple:iphone_os:4.2.5
  • Apple iPhone OS 4.2.8
    cpe:2.3:o:apple:iphone_os:4.2.8
  • Apple iPhone OS 4.3.0
    cpe:2.3:o:apple:iphone_os:4.3.0
  • Apple iPhone OS 4.3.1
    cpe:2.3:o:apple:iphone_os:4.3.1
  • Apple iPhone OS 4.3.2
    cpe:2.3:o:apple:iphone_os:4.3.2
  • Apple iPhone OS 4.3.3
    cpe:2.3:o:apple:iphone_os:4.3.3
  • Apple iPhone OS 4.3.5
    cpe:2.3:o:apple:iphone_os:4.3.5
  • Apple iPhone OS 5.0
    cpe:2.3:o:apple:iphone_os:5.0
  • Apple iPhone OS 5.0.1
    cpe:2.3:o:apple:iphone_os:5.0.1
  • Apple iPhone OS 5.1
    cpe:2.3:o:apple:iphone_os:5.1
  • Apple iPhone OS 5.1.1
    cpe:2.3:o:apple:iphone_os:5.1.1
  • Apple iPhone OS 6.0
    cpe:2.3:o:apple:iphone_os:6.0
  • Apple iPhone OS 6.0.1
    cpe:2.3:o:apple:iphone_os:6.0.1
  • Apple iPhone OS 6.0.2
    cpe:2.3:o:apple:iphone_os:6.0.2
  • Apple iPhone OS 6.1
    cpe:2.3:o:apple:iphone_os:6.1
  • Apple iPhone OS 6.1.2
    cpe:2.3:o:apple:iphone_os:6.1.2
  • Apple iPhone OS 6.1.3
    cpe:2.3:o:apple:iphone_os:6.1.3
  • Google Chrome 21.0.1180.74
    cpe:2.3:a:google:chrome:21.0.1180.74
  • Google Chrome 21.0.1180.75
    cpe:2.3:a:google:chrome:21.0.1180.75
  • Google Chrome 21.0.1180.76
    cpe:2.3:a:google:chrome:21.0.1180.76
  • Google Chrome 21.0.1180.77
    cpe:2.3:a:google:chrome:21.0.1180.77
  • Google Chrome 21.0.1180.78
    cpe:2.3:a:google:chrome:21.0.1180.78
  • Google Chrome 21.0.1180.79
    cpe:2.3:a:google:chrome:21.0.1180.79
  • Google Chrome 21.0.1180.80
    cpe:2.3:a:google:chrome:21.0.1180.80
  • Google Chrome 21.0.1180.81
    cpe:2.3:a:google:chrome:21.0.1180.81
  • Google Chrome 21.0.1180.82
    cpe:2.3:a:google:chrome:21.0.1180.82
  • Google Chrome 21.0.1180.83
    cpe:2.3:a:google:chrome:21.0.1180.83
  • Google Chrome 21.0.1180.84
    cpe:2.3:a:google:chrome:21.0.1180.84
  • Google Chrome 21.0.1180.85
    cpe:2.3:a:google:chrome:21.0.1180.85
  • Google Chrome 21.0.1180.86
    cpe:2.3:a:google:chrome:21.0.1180.86
  • Google Chrome 21.0.1180.87
    cpe:2.3:a:google:chrome:21.0.1180.87
  • Google Chrome 21.0.1180.88
    cpe:2.3:a:google:chrome:21.0.1180.88
  • Google Chrome 21.0.1180.61
    cpe:2.3:a:google:chrome:21.0.1180.61
  • Google Chrome 21.0.1180.63
    cpe:2.3:a:google:chrome:21.0.1180.63
  • Google Chrome 21.0.1180.62
    cpe:2.3:a:google:chrome:21.0.1180.62
  • Google Chrome 21.0.1180.72
    cpe:2.3:a:google:chrome:21.0.1180.72
  • Google Chrome 21.0.1180.71
    cpe:2.3:a:google:chrome:21.0.1180.71
  • Google Chrome 21.0.1180.73
    cpe:2.3:a:google:chrome:21.0.1180.73
  • Google Chrome 21.0.1180.68
    cpe:2.3:a:google:chrome:21.0.1180.68
  • Google Chrome 21.0.1180.64
    cpe:2.3:a:google:chrome:21.0.1180.64
  • Google Chrome 21.0.1180.70
    cpe:2.3:a:google:chrome:21.0.1180.70
  • Google Chrome 21.0.1180.69
    cpe:2.3:a:google:chrome:21.0.1180.69
  • Google Chrome 21.0.1180.36
    cpe:2.3:a:google:chrome:21.0.1180.36
  • Google Chrome 21.0.1180.35
    cpe:2.3:a:google:chrome:21.0.1180.35
  • Google Chrome 21.0.1180.34
    cpe:2.3:a:google:chrome:21.0.1180.34
  • Google Chrome 21.0.1180.33
    cpe:2.3:a:google:chrome:21.0.1180.33
  • Google Chrome 21.0.1180.32
    cpe:2.3:a:google:chrome:21.0.1180.32
  • Google Chrome 21.0.1180.31
    cpe:2.3:a:google:chrome:21.0.1180.31
  • Google Chrome 21.0.1180.2
    cpe:2.3:a:google:chrome:21.0.1180.2
  • Google Chrome 21.0.1180.1
    cpe:2.3:a:google:chrome:21.0.1180.1
  • Google Chrome 21.0.1180.0
    cpe:2.3:a:google:chrome:21.0.1180.0
  • Google Chrome 21.0.1180.59
    cpe:2.3:a:google:chrome:21.0.1180.59
  • Google Chrome 21.0.1180.60
    cpe:2.3:a:google:chrome:21.0.1180.60
  • Google Chrome 21.0.1180.57
    cpe:2.3:a:google:chrome:21.0.1180.57
  • Google Chrome 21.0.1180.56
    cpe:2.3:a:google:chrome:21.0.1180.56
  • Google Chrome 21.0.1180.54
    cpe:2.3:a:google:chrome:21.0.1180.54
  • Google Chrome 21.0.1180.55
    cpe:2.3:a:google:chrome:21.0.1180.55
  • Google Chrome 21.0.1180.52
    cpe:2.3:a:google:chrome:21.0.1180.52
  • Google Chrome 21.0.1180.53
    cpe:2.3:a:google:chrome:21.0.1180.53
  • Google Chrome 21.0.1180.50
    cpe:2.3:a:google:chrome:21.0.1180.50
  • Google Chrome 21.0.1180.51
    cpe:2.3:a:google:chrome:21.0.1180.51
  • Google Chrome 21.0.1180.48
    cpe:2.3:a:google:chrome:21.0.1180.48
  • Google Chrome 21.0.1180.49
    cpe:2.3:a:google:chrome:21.0.1180.49
  • Google Chrome 21.0.1180.46
    cpe:2.3:a:google:chrome:21.0.1180.46
  • Google Chrome 21.0.1180.47
    cpe:2.3:a:google:chrome:21.0.1180.47
  • Google Chrome 21.0.1180.39
    cpe:2.3:a:google:chrome:21.0.1180.39
  • Google Chrome 21.0.1180.41
    cpe:2.3:a:google:chrome:21.0.1180.41
  • Google Chrome 21.0.1180.37
    cpe:2.3:a:google:chrome:21.0.1180.37
  • Google Chrome 21.0.1180.38
    cpe:2.3:a:google:chrome:21.0.1180.38
  • XMLSoft libxslt 1.1.26
    cpe:2.3:a:xmlsoft:libxslt:1.1.26
  • XMLSoft libxslt 1.1.23
    cpe:2.3:a:xmlsoft:libxslt:1.1.23
  • XMLSoft libxslt 1.1.24
    cpe:2.3:a:xmlsoft:libxslt:1.1.24
  • XMLSoft libxslt 1.1.19
    cpe:2.3:a:xmlsoft:libxslt:1.1.19
  • XMLSoft libxslt 1.1.20
    cpe:2.3:a:xmlsoft:libxslt:1.1.20
  • XMLSoft libxslt 1.1.21
    cpe:2.3:a:xmlsoft:libxslt:1.1.21
  • XMLSoft libxslt 1.1.22
    cpe:2.3:a:xmlsoft:libxslt:1.1.22
  • XMLSoft libxslt 1.1.16
    cpe:2.3:a:xmlsoft:libxslt:1.1.16
  • XMLSoft libxslt 1.1.15
    cpe:2.3:a:xmlsoft:libxslt:1.1.15
  • XMLSoft libxslt 1.1.18
    cpe:2.3:a:xmlsoft:libxslt:1.1.18
  • XMLSoft libxslt 1.1.17
    cpe:2.3:a:xmlsoft:libxslt:1.1.17
  • XMLSoft libxslt 1.1.12
    cpe:2.3:a:xmlsoft:libxslt:1.1.12
  • XMLSoft libxslt 1.1.11
    cpe:2.3:a:xmlsoft:libxslt:1.1.11
  • XMLSoft libxslt 1.1.14
    cpe:2.3:a:xmlsoft:libxslt:1.1.14
  • XMLSoft libxslt 1.1.13
    cpe:2.3:a:xmlsoft:libxslt:1.1.13
  • XMLSoft libxslt 1.1.8
    cpe:2.3:a:xmlsoft:libxslt:1.1.8
  • XMLSoft libxslt 1.1.10
    cpe:2.3:a:xmlsoft:libxslt:1.1.10
  • XMLSoft libxslt 1.1.9
    cpe:2.3:a:xmlsoft:libxslt:1.1.9
CVSS
Base: 4.3 (as of 26-09-2013 - 14:16)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Windows
    NASL id GOOGLE_CHROME_21_0_1180_89.NASL
    description The version of Google Chrome installed on the remote host is earlier than 21.0.1180.89 and is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists related to line-breaking. (CVE-2012-2865) - Variable casting errors exist related to 'run-ins' and XSL transformations. (CVE-2012-2866, CVE-2012-2871) - An unspecified error exists related to the SPDY protocol that can result in application crashes. (CVE-2012-2867) - An unspecified race condition exists related to 'workers' and XHR. (CVE-2012-2868) - An unspecified error exists related to stale buffers and URL loading. (CVE-2012-2869) - Memory management issues exist related to XPath processing. (CVE-2012-2870) - Cross-site scripting is possible during the SSL interstitial process. (CVE-2012-2872) Successful exploitation of any of these issues could lead to an application crash or arbitrary code execution, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 61774
    published 2012-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61774
    title Google Chrome < 21.0.1180.89 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2555.NASL
    description Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62440
    published 2012-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62440
    title Debian DSA-2555-1 : libxslt - several vulnerabilities
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_11_1_4_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 11.1.4. It is, therefore, affected by multiple vulnerabilities : - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. Please note that these vulnerabilities only affect the application when it is running on a Windows host. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128) - An uninitialized memory access error exists in the handling of text tracks. By using a specially crafted movie file, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2013-1024) - An error exists related to the iTunes Tutorials window that can allow an attacker in a privileged network location to inject content. Note that this vulnerability only affects the application installed on a Mac OS X host. (CVE-2014-1242)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72105
    published 2014-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72105
    title Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Misc.
    NASL id APPLETV_6_0.NASL
    description According to its banner, the remote Apple TV 2nd generation or later device is prior to 6.0. It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70257
    published 2013-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70257
    title Apple TV < 6.0 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-619.NASL
    description Chromium was updated to 21.0.1180.88 to fix various bugs and security issues. Security fixes and rewards : Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. - [$500] [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. - [$1000] [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. - [135485 ] Low CVE-2012-2867: Browser crash with SPDY. - [$500] [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. - [137778 ] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. - [138672 ] [ 140368 ] Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. - [$1000] [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. - [$500] [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 74759
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74759
    title openSUSE Security Update : chromium (openSUSE-SU-2012:1215-1)
  • NASL family Windows
    NASL id ITUNES_11_1_2.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues : - An uninitialized memory access issue exists in the handling of text tracks, which could lead to memory corruption and possibly arbitrary code execution. (CVE-2013-1024) - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70588
    published 2013-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70588
    title Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EE68923DF2F511E1801400262D5ED8EE.NASL
    description Google Chrome Releases reports : [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. [135485] Low CVE-2012-2867: Browser crash with SPDY. [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. [137778] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. [138672] [140368] Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.
    last seen 2019-02-21
    modified 2013-06-22
    plugin id 61744
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61744
    title FreeBSD : chromium -- multiple vulnerabilities (ee68923d-f2f5-11e1-8014-00262d5ed8ee)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_11_1_2_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 11.1.2. It is, therefore, affected by multiple vulnerabilities : - An uninitialized memory access error exists in the handling of text tracks. By using a specially crafted movie file, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2013-1024) - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70589
    published 2013-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70589
    title Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064) - An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830) - An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089) - An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202) - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970) - An error exists in the glibc library in the svc_run() function that allows a denial of service. (CVE-2011-4609) - An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871) - A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution. (CVE-2012-2870) - Multiple format string errors exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) - Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70886
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70886
    title ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2013-0001.NASL
    description a. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. b. Update to ESX/ESXi libxml2 userworld and service console The ESX/ESXi userworld libxml2 library has been updated to resolve multiple security issues. Also, the ESX service console libxml2 packages are updated to the following versions : libxml2-2.6.26-2.1.15.el5_8.5 libxml2-python-2.6.26-2.1.15.el5_8.5 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3102 and CVE-2012-2807 to these issues. c. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4244 to this issue. d. Update to ESX service console libxslt package The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 64642
    published 2013-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64642
    title VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1265.NASL
    description Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62090
    published 2012-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62090
    title RHEL 5 / 6 : libxslt (RHSA-2012:1265)
  • NASL family Misc.
    NASL id VMWARE_ESX_VMSA-2013-0001_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Authentication Service - bind - libxml2 - libxslt
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 89661
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89661
    title VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-14048.NASL
    description Lot of security fixes and a few other bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62326
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62326
    title Fedora 16 : libxslt-1.1.26-9.fc16 (2012-14048)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-14083.NASL
    description Lot of security fixes and a few other bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62328
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62328
    title Fedora 17 : libxslt-1.1.26-10.fc17 (2012-14083)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1595-1.NASL
    description Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2011-3970) Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2825) Nicholas Gregoire discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2870) Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2871) Cris Neckar discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2893). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62435
    published 2012-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62435
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-15716.NASL
    description Fix a default namespace regression in 1.1.27. Upstream new release also including a number of security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 63195
    published 2012-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63195
    title Fedora 18 : libxslt-1.1.27-2.fc18 (2012-15716)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-123.NASL
    description A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825 , CVE-2012-2870 , CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69613
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69613
    title Amazon Linux AMI : libxslt (ALAS-2012-123)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-07 (libxslt: Denial of Service) Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139). A double-free error exists in templates.c (CVE-2012-2893). A NULL pointer dereference in keys.c (CVE-2012-6139). An error in handling stylesheets containing DTDs (CVE-2013-4520). Impact : A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 71907
    published 2014-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71907
    title GLSA-201401-07 : libxslt: Denial of Service
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBXSLT_20140114_2.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. (CVE-2011-1202) - The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. (CVE-2012-2825) - libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. (CVE-2012-2870) - libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. (CVE-2012-2871) - Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. (CVE-2012-2893)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80695
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80695
    title Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-164.NASL
    description Multiple vulnerabilities have been discovered and corrected in libxslt : Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors (CVE-2011-1202). libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c (CVE-2012-2870). libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h (CVE-2012-2871). Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms (CVE-2012-2893). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 62504
    published 2012-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62504
    title Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1265.NASL
    description From Red Hat Security Advisory 2012:1265 : Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68622
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68622
    title Oracle Linux 5 / 6 : libxslt (ELSA-2012-1265)
  • NASL family Windows
    NASL id ITUNES_11_1_4.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues : - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128) - An error exists related to text tracks in movie files that could allow denial of service or arbitrary code execution. (CVE-2013-1024) - An error exists related to the iTunes Tutorials window that could allow an attacker in a privileged network location to inject content. (CVE-2014-1242)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72104
    published 2014-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72104
    title Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1265.NASL
    description Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62085
    published 2012-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62085
    title CentOS 5 / 6 : libxslt (CESA-2012:1265)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-047.NASL
    description A vulnerability has been discovered and corrected in libxslt : The XSL implementation in libxslt allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors (CVE-2012-2825). libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c (CVE-2012-2870). libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h (CVE-2012-2871). Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms (CVE-2012-2893). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66061
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66061
    title Mandriva Linux Security Advisory : libxslt (MDVSA-2013:047)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120913_LIBXSLT_ON_SL5_X.NASL
    description A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 62107
    published 2012-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62107
    title Scientific Linux Security Update : libxslt on SL5.x, SL6.x i386/x86_64
redhat via4
rpms
  • libxslt-0:1.1.17-4.el5_8.3
  • libxslt-devel-0:1.1.17-4.el5_8.3
  • libxslt-python-0:1.1.17-4.el5_8.3
  • libxslt-0:1.1.26-2.el6_3.1
  • libxslt-devel-0:1.1.26-2.el6_3.1
  • libxslt-python-0:1.1.26-2.el6_3.1
refmap via4
apple
  • APPLE-SA-2013-09-18-2
  • APPLE-SA-2013-10-22-8
confirm
debian DSA-2555
mandriva MDVSA-2012:164
secunia
  • 50838
  • 54886
suse openSUSE-SU-2012:1215
vmware via4
description The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues.
id VMSA-2013-0001
last_updated 2013-05-30T00:00:00
published 2013-01-31T00:00:00
title Update to ESX service console libxslt package
Last major update 27-01-2014 - 23:45
Published 31-08-2012 - 15:55