CVE-2011-1425
published 2011-04-04
Priority: P341, medium, 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.06% (94.1th percentile)
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Affected
99 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aleksey | xml_security_library | <= 1.2.16 | — |
| aleksey | xml_security_library | — | — |
CVSS provenance
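| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | — | 5.1 | MEDIUM | — |
| vendor_debian | — | 5.1 | MEDIUM | — |
| vendor_redhat | — | 5.1 | MEDIUM | — |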
Red Hat
xmlsec1: arbitrary file creation when verifying signatures
vendor_redhat·2011-03-31·CVSS 5.1
Debian
CVE-2011-1425: xmlsec1 - xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and...
vendor_debian·2011·CVSS 5.1
Scope: local
bookworm: resolved (fixed in 1.2.14-1.1)
bullseye: resolved (fixed in 1.2.14-1.1)
forky: resolved (fixed in 1.2.14-1.1)
sid: resolved (fixed in 1.2.14-1.1)
trixie: resolved (fixed in 1.2.14-1.1)
GHSA
GHSA-g72c-6w48-gpw9: WebKit in Apple Safari before 5
ghsa_unreviewed·2022-05-17·CVSS 5.1
CVE-2011-1774 [MEDIUM] CWE-20 GHSA-g72c-6w48-gpw9: WebKit in Apple Safari before 5
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
GHSA
GHSA-63qq-pm7h-vc34: xslt
ghsa_unreviewed·2022-05-17
OSV
CVE-2011-1425: xslt
osv·2011-04-04·CVSS 5.1
Bugzilla
CVE-2011-1425 xmlsec1: arbitrary file creation when verifying signatures [fedora-all]
bugzilla·2011-04-01·CVSS 5.1
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=692133
Please note: this issue affec
Bugzilla
CVE-2011-1425 xmlsec1: arbitrary file creation when verifying signatures [epel-6]
bugzilla·2011-04-01·CVSS 5.1
epel-6 tracking bug for xmlsec1: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
It looks like this is still vulnerable from 2011 and has never been updated.
Can anyone confirm that this is still a problem and has not been patched in the EPEL packages?
---
The latest built in epel-6 is xmlsec1-1.2.16-2.el6, from 2010, and pre-dates this bug report.
---
xmlsec1-1.2.19-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/xmlsec1-1.2.19-3.el6
---
Package xmlsec1-1.2.19-3.el6:
* should f
Bugzilla
CVE-2011-1425 xmlsec1: arbitrary file creation when verifying signatures
bugzilla·2011-03-30·CVSS 5.1
Nicolas Grégoire discovered that xmlsec1 can create a file with an attacker-specified path name and content when xmlsec1 is used to verify the signature of a specially crafted XML file specifying an XSLT transformation. This may be used to create or overwrite arbitrary files writable by the user running xmlsec1.
This issue was addressed upstream via the following commit, which disables XSLT read/write by default:
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
Acknowledgements:
Red Hat would like to thank Nicolas Grégoire and Aleksey Sanin for reporting this issue.
Discussion:
Public now via xmlsec upstream release 1.2.17:
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
---
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://trac.webkit.org/changeset/79159
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securityfocus.com/bid/47135
http://www.securitytracker.com/id?1025284
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
https://bugs.webkit.org/show_bug.cgi?id=52688
https://bugzilla.redhat.com/show_bug.cgi?id=692133
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506