PT-2012-1218 · Gnome+4 · Libxslt+4

Published: 2012-02-01 · Updated: 2018-01-18 · CVE-2012-0057

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.3.9

Description: The issue is related to improper security settings in the libxslt library of the PHP interpreter, which is associated with privilege management errors. This allows a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Recommendations: For PHP versions prior to 5.3.9, update to version 5.3.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the libxslt output extension in XSLT stylesheets to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related identifiers

BDU:2022-02604
CESA-2012_1046
CVE-2012-0057
DSA-2399-1
RHSA-2012:1045
RHSA-2012:1046
RHSA-2012:1047
RHSA-2012_1045
RHSA-2012_1046
RHSA-2012_1047

Affected products

CentOS
PHP
Red Hat
SUSE
libxslt