PT-2012-1218 · Gnome+4 · Libxslt+4

Published: 2012-02-01 · Updated: 2018-01-18 · CVE-2012-0057

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.3.9

Description

The PHP interpreter uses the libxslt library with improper security settings, a privilege management error. This allows a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Recommendations

Update PHP to version 5.3.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the libxslt output extension in XSLT stylesheets to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2022-02604
CESA-2012_1046
CVE-2012-0057
DSA-2399-1
RHSA-2012:1045
RHSA-2012:1046
RHSA-2012:1047
RHSA-2012_1045
RHSA-2012_1046
RHSA-2012_1047

Affected Products

CentOS
PHP
Red Hat
SUSE
libxslt