CVE-2012-0007
Published 2012-01-10. CVE-2012-0007: The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets escaped character.
Priority: P4 · 30 · medium · CVSS 2.0 base score 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: EPSS 19.28% (97.0th percentile)
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | anti-cross_site_scripting_library | — | — |
| microsoft | anti-cross_site_scripting_library | — | — |
Detection & IOCs (extracted from sources)
- XSS bypass via CSS escaped character sequences in HTML input passed to AntiXSS Library sanitization functions; monitor for CSS escape sequences (e.g., backslash-hex encoding) in HTML submitted to applications using AntiXSS 3.x or 4.0.
- Monitor calls to Microsoft.Security.Application.Sanitizer.GetSafeHtml() and GetSafeHtmlFragment() with inputs containing CSS escape sequences, as these are the vulnerable sanitization entry points.
- Successful exploitation may result in theft of cookie-based authentication credentials; monitor for anomalous cookie exfiltration following XSS payloads in applications using the AntiXSS Library.
- The vulnerability affects Microsoft Anti-Cross Site Scripting Library versions 3.x and 4.0 only; later versions are not listed as affected.
- The bypass is specific to the sanitization module's handling of CSS escaped characters; other sanitization paths may not be affected.
CVSS provenance
- NVD (CVSS v2.0): 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
- Red Hat (vendor): 7.5 HIGH. Note that the Red Hat and Bugzilla entries below are keyed to the kernel errata RHSA-2012:0007, an identifier that merely resembles CVE-2012-0007; the scores and statements there describe the kernel CVEs they list, not the AntiXSS bypass.
GHSA
GHSA-fgq2-gmxg-w62w (ghsa_unreviewed, 2022-05-04): CVE-2012-0007 [MEDIUM], CWE-79, "The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3"
Description: identical to the NVD text above.
Red Hat
CVE-2011-4348 [HIGH] CWE-662: kernel: incomplete fix for CVE-2011-2482 (vendor_redhat, 2012-01-10, CVSS 7.5)
Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.
Statement: This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6 and Red Hat Enterprise MRG as they were not vulnerable to CVE-2011-2482. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Not affected
Red Hat
CVE-2011-4325 [MEDIUM] CWE-476: kernel: nfs: diotest4 from LTP crash client null pointer deref (vendor_redhat, 2012-01-10, CVSS 4.9)
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
Statement: This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6 and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Not affected
Red Hat
CVE-2011-4330 [HIGH] kernel: hfs: add sanity check for file name length (vendor_redhat, 2011-11-09, CVSS 7.2)
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
Statement: This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not include support for the Hierarchical File System (HFS) file system. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Not affected
Red Hat
CVE-2011-4132 [LOW] kernel: jbd/jbd2: invalid value of first log block leads to oops (vendor_redhat, 2011-11-01, CVSS 2.1)
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
Statement: This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.c
Red Hat
CVE-2011-4077 [MEDIUM] kernel: xfs: potential buffer overflow in xfs_readlink() (vendor_redhat, 2011-04-08, CVSS 6.9)
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for XFS filesystem. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html.
Package: kernel (Re
Red Hat
CVE-2011-3637 [MEDIUM] kernel: proc: fix oops on invalid /proc/<pid>/maps access (vendor_redhat, 2011-03-28, CVSS 5.5)
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
Statement: This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 6 as it did not backport the upstream commit ec6fd8a4 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Affected
Red Hat
CVE-2011-1020 [MEDIUM] kernel: no access restrictions of /proc/pid/* after setuid program exec (vendor_redhat, 2011-02-07, CVSS 4.6)
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
Statement: Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via RHSA-2012:0007, RHSA-2011:1530 and RHSA-2011:1253 respectively.
Red Hat
CVE-2011-4324 [MEDIUM] kernel: nfsv4: mknod(2) DoS (vendor_redhat, 2008-12-23, CVSS 4.9)
The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.
Statement: This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not have the vulnerable code as introduced in history:1a7bc914. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
No detection rules found.
Zscaler
Zscaler Protects against Microsoft's Patch Cycle | Round 13 (blogs_zscaler, [HIGH], CVSS 8.1)
Bugzilla
CVE-2011-4330 [HIGH] kernel: hfs: add sanity check for file name length (bugzilla, 2011-11-21, CVSS 7.2)
On a corrupted file system the ->len field could be wrong leading to a buffer overflow.
https://lkml.org/lkml/2011/11/9/303
Upstream commit:
http://git.kernel.org/linus/bc5b8a9003132ae44559edd63a1623
Acknowledgements:
Red Hat would like to thank Clement Lecigne for reporting this issue.
Discussion:
Statement:
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not include support for the Hierarchical File System (HFS) file system. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:0007 ht
Bugzilla
CVE-2011-4324 [MEDIUM] kernel: nfsv4: mknod(2) DoS (bugzilla, 2011-11-21, CVSS 4.9)
Creating a file with mknod(2) syscall on a nfsv4 mount can trigger BUG().
Discussion:
Eryu Guan 2011-11-18 02:16:30 EST
Upstream commit
commit dc0b027dfadfcb8a5504f7d8052754bf8d501ab9
Author: Trond Myklebust
Date: Tue Dec 23 15:21:56 2008 -0500
NFSv4: Convert the open and close ops to use fmode
Signed-off-by: Trond Myklebust
removed the BUG_ON() at fs/nfs/nfs4xdr.c:894
---
Statement:
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not have the vulnerable code as introduced in history:1a7bc914. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maint
Bugzilla
CVE-2011-4132 [LOW] kernel: jbd/jbd2: invalid value of first log block leads to oops (bugzilla, 2011-11-11, CVSS 2.1)
A flaw was found in the way Linux kernel's Journaling Block Device (JBD) handled invalid log first block value. An attacker able to mount malicious ext3 or ext4 image could use this flaw to crash the system.
Upstream commit:
8762202dd0d6e46854f786bdb6fb3780a1625efe
Discussion:
Created kernel tracking bugs for this issue
Affects: fedora-all [bug 753346]
---
Statement:
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4,
5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA
References
- http://secunia.com/advisories/47483
- http://secunia.com/advisories/47516
- http://www.securityfocus.com/bid/51291
- http://www.securitytracker.com/id?1026499
- http://www.us-cert.gov/cas/techalerts/TA12-010A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-007
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14314
Published: 2012-01-10