cve-2011-1425
Vulnerability from cvelistv5
Published
2011-04-03 01:00
Modified
2024-08-06 22:28
Severity ?
Summary
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
References
cve@mitre.orghttp://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780Patch
cve@mitre.orghttp://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5faPatch
cve@mitre.orghttp://secunia.com/advisories/43920Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/44167
cve@mitre.orghttp://secunia.com/advisories/44423
cve@mitre.orghttp://trac.webkit.org/changeset/79159
cve@mitre.orghttp://www.aleksey.com/pipermail/xmlsec/2011/009120.htmlPatch
cve@mitre.orghttp://www.debian.org/security/2011/dsa-2219
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:063
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0486.html
cve@mitre.orghttp://www.securityfocus.com/bid/47135
cve@mitre.orghttp://www.securitytracker.com/id?1025284
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0855
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0858
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/1010
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/1172
cve@mitre.orghttps://bugs.webkit.org/show_bug.cgi?id=52688
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=692133Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/66506
af854a3a-2127-422b-91ae-364da2661108http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780Patch
af854a3a-2127-422b-91ae-364da2661108http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5faPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43920Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44167
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44423
af854a3a-2127-422b-91ae-364da2661108http://trac.webkit.org/changeset/79159
af854a3a-2127-422b-91ae-364da2661108http://www.aleksey.com/pipermail/xmlsec/2011/009120.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2219
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0486.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47135
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025284
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0855
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0858
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/1010
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/1172
af854a3a-2127-422b-91ae-364da2661108https://bugs.webkit.org/show_bug.cgi?id=52688
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=692133Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692133"
          },
          {
            "name": "ADV-2011-0855",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0855"
          },
          {
            "name": "1025284",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025284"
          },
          {
            "name": "DSA-2219",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2219"
          },
          {
            "name": "MDVSA-2011:063",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:063"
          },
          {
            "name": "47135",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.webkit.org/changeset/79159"
          },
          {
            "name": "ADV-2011-1010",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1010"
          },
          {
            "name": "[xmlsec] 20110331 New xmlsec 1.2.17 release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"
          },
          {
            "name": "44423",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780"
          },
          {
            "name": "RHSA-2011:0486",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0486.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa"
          },
          {
            "name": "ADV-2011-1172",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1172"
          },
          {
            "name": "44167",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44167"
          },
          {
            "name": "43920",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43920"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.webkit.org/show_bug.cgi?id=52688"
          },
          {
            "name": "ADV-2011-0858",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0858"
          },
          {
            "name": "xmlsecurity-xmlfiles-sec-bypass(66506)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692133"
        },
        {
          "name": "ADV-2011-0855",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0855"
        },
        {
          "name": "1025284",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025284"
        },
        {
          "name": "DSA-2219",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2219"
        },
        {
          "name": "MDVSA-2011:063",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:063"
        },
        {
          "name": "47135",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.webkit.org/changeset/79159"
        },
        {
          "name": "ADV-2011-1010",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1010"
        },
        {
          "name": "[xmlsec] 20110331 New xmlsec 1.2.17 release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"
        },
        {
          "name": "44423",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780"
        },
        {
          "name": "RHSA-2011:0486",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0486.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa"
        },
        {
          "name": "ADV-2011-1172",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1172"
        },
        {
          "name": "44167",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44167"
        },
        {
          "name": "43920",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43920"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.webkit.org/show_bug.cgi?id=52688"
        },
        {
          "name": "ADV-2011-0858",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0858"
        },
        {
          "name": "xmlsecurity-xmlfiles-sec-bypass(66506)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1425",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=692133",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692133"
            },
            {
              "name": "ADV-2011-0855",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0855"
            },
            {
              "name": "1025284",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025284"
            },
            {
              "name": "DSA-2219",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2219"
            },
            {
              "name": "MDVSA-2011:063",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:063"
            },
            {
              "name": "47135",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47135"
            },
            {
              "name": "http://trac.webkit.org/changeset/79159",
              "refsource": "CONFIRM",
              "url": "http://trac.webkit.org/changeset/79159"
            },
            {
              "name": "ADV-2011-1010",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1010"
            },
            {
              "name": "[xmlsec] 20110331 New xmlsec 1.2.17 release",
              "refsource": "MLIST",
              "url": "http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"
            },
            {
              "name": "44423",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44423"
            },
            {
              "name": "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780"
            },
            {
              "name": "RHSA-2011:0486",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0486.html"
            },
            {
              "name": "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa"
            },
            {
              "name": "ADV-2011-1172",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1172"
            },
            {
              "name": "44167",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44167"
            },
            {
              "name": "43920",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43920"
            },
            {
              "name": "https://bugs.webkit.org/show_bug.cgi?id=52688",
              "refsource": "CONFIRM",
              "url": "https://bugs.webkit.org/show_bug.cgi?id=52688"
            },
            {
              "name": "ADV-2011-0858",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0858"
            },
            {
              "name": "xmlsecurity-xmlfiles-sec-bypass(66506)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1425",
    "datePublished": "2011-04-03T01:00:00",
    "dateReserved": "2011-03-14T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1425\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-04-04T12:27:57.437\",\"lastModified\":\"2024-11-21T01:26:16.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.\"},{\"lang\":\"es\",\"value\":\"xslt.c en XML Security Library (tambi\u00e9n conocido como xmlsec)anterior a v1.2.17 como se usaba en WebKit y otros productos, cuando XSLT es habilitado, permite a atacantes remotos crear o sobreescribir archivos de su elecci\u00f3n a trav\u00e9s de vectores que involucran la extensi\u00f3n de salida libxslt y un elemento ds:Transform durante la verificaci\u00f3n de firma.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.16\",\"matchCriteriaId\":\"3C511EF6-D408-40F6-B698-5C4179FA1D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48013BD3-56E4-4882-8DE6-66E17C5E2700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4381CEA6-37E4-4AD0-9247-74EC552D3A93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104D29A5-117F-4BF2-BBC0-744EB7B14699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7349086B-57F4-407B-B6D7-34906B74CC1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66221F0D-6BA6-4892-B820-3C1190935167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7167841F-F3BB-4641-B004-CB73C73DC61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29567BC6-1D73-4B8D-B518-35BE505ECC56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73030AD3-5DA1-4047-96C7-AEDC110844EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CC46659-2D47-4F7D-87DA-17120BB94F31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C930806C-7025-4201-AAC1-1717A1547096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF2E3C32-7F16-4E69-A73E-FE26C04CF9C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DACBE500-4813-42C6-8108-1E8A105EA7DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B014F4-3CDE-41C2-A822-09751DAD1A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F82EE1-A737-41D9-95B6-66504747D107\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA2888ED-A494-4D69-8F60-8D8D63FB3FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A34AE6EB-A099-40F6-8524-4B4F6995D5CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39911070-E4D2-419F-9861-8CBA02527FD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D76F2C1-9FBC-4FFE-AB60-526D74247E69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78A505E1-5891-43B1-955D-663EFE3E489C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB3566E-3F7F-490B-9DF4-BCFE22C6D29A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95DCD31F-DA97-469E-9739-CA4D358107FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BC086D9-DCD7-4B11-B6EB-7FE6455B68F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC3CD349-D3A0-4FB7-B717-2AF2F3F8574F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFD0250E-7971-4890-A0FC-A4EF6CAB17FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766B027F-7938-4768-B714-160278981634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1235A593-FADF-42BC-9FAA-15E7D1A30397\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55CCEF0C-83B0-4EA4-9771-1D5E93597439\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37908D6B-A4A4-4879-8153-4580B2FD937C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1253AC74-B285-4784-A08C-C8E5EC0693FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9817DA5-858D-4543-A033-D294275F1686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D550EAB0-1C45-4137-AFF0-245DD79DC617\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A459702-8FAD-4854-8425-C44F1A76FA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EC24DFE-04AE-43B8-A8AA-9429492B71CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9552F93-EDE1-49A8-9BD7-D3BBE5FD3261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A79CF64-1F88-46B1-BE59-27A8474109C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0869B698-2FAC-4AF3-9897-937577121FDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0500195F-A2C6-4D0B-A5AC-98AF00AF427E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AADDA51-66A9-42B5-AAFF-708A8EBE983A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B34BB41-AB3E-468C-942E-A95A087DFA17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA8E9710-E55C-4E00-B3E1-FD7A471F5B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB51E6A-A99B-44A3-AF37-D685E61BC9C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aleksey:xml_security_library:1.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"009BDE1D-C3B9-4EC7-8149-6074AA8EEB15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"461EFB63-7933-488C-BB4E-7C913364F5A9\"}]}]}],\"references\":[{\"url\":\"http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/43920\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44167\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44423\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://trac.webkit.org/changeset/79159\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.aleksey.com/pipermail/xmlsec/2011/009120.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2219\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:063\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0486.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/47135\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1025284\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0855\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0858\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1010\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1172\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.webkit.org/show_bug.cgi?id=52688\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=692133\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66506\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/43920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://trac.webkit.org/changeset/79159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.aleksey.com/pipermail/xmlsec/2011/009120.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0486.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/47135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025284\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1172\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.webkit.org/show_bug.cgi?id=52688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=692133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.