PT-2011-2944 · Libxslt+2 · Libxslt+2
Chris Evans · Published 2011-03-11 · Updated 2024-12-12 · CVE-2011-1202
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
libxslt versions 1.1.26 and earlier
Description
The issue allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. This is related to the xsltGenerateIdFunction function in functions.c.
Recommendations
For libxslt versions 1.1.26 and earlier, consider updating to a version later than 1.1.26 to resolve the issue. As a temporary workaround, consider restricting the use of the generate-id XPath function in XML documents until a patch is available.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
Red Hat
Libxslt