CVE-2016-1841
published 2016-05-20CVE-2016-1841: libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code…
PriorityP343high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
2.36%
81.6th percentile
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 9.3.2 | 9.3.2 |
| apple | mac_os_x | < 10.11.5 | 10.11.5 |
| apple | os_x_el_capitan_v10.11.5_and_security_update_2016-003 | — | — |
| apple | tvos | < 9.2.1 | 9.2.1 |
| apple | tvos | — | — |
| apple | watchos | < 2.2.1 | 2.2.1 |
| apple | watchos | — | — |
| debian | libxslt | < libxslt 1.1.29-1 (bookworm) | libxslt 1.1.29-1 (bookworm) |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.1 | 1.1.28-2ubuntu0.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.1 | 1.1.28-2.1ubuntu0.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Libxslt vulnerabilities
vendor_ubuntu·2017-04-28·CVSS 5.0
CVE-2015-7995 [MEDIUM] Libxslt vulnerabilities
Title: Libxslt vulnerabilities
Summary: Several security issues were fixed in Libxslt.
Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. An attacker could use
this to craft a malicious document that, when opened, could cause a
denial of service (application crash) or possible execute arbitrary
code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbtrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the
xsltDocumentFunctionLoadDocument() f
Debian
CVE-2016-1841: libxslt - libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2...
vendor_debian·2016·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841: libxslt - libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2...
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Scope: local
bookworm: resolved (fixed in 1.1.29-1)
bullseye: resolved (fixed in 1.1.29-1)
forky: resolved (fixed in 1.1.29-1)
sid: resolved (fixed in 1.1.29-1)
trixie: resolved (fixed in 1.1.29-1)
Red Hat
libxslt: Use after free in xsltDocumentFunctionLoadDocument
vendor_redhat·2015-11-18·CVSS 8.8
CVE-2016-1841 [HIGH] CWE-416 libxslt: Use after free in xsltDocumentFunctionLoadDocument
libxslt: Use after free in xsltDocumentFunctionLoadDocument
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Package: libxslt (Red Hat Enterprise Linux 5) - Will not fix
Package: libxslt (Red Hat Enterprise Linux 6) - Will not fix
Package: libxslt (Red Hat Enterprise Linux 7) - Will not fix
Package: libxslt (Red Hat Enterprise Linux OpenStack Platform 6 (Juno)) - Will not fix
Package: libxslt (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)) - Will not fix
Package: libxslt (Red Hat Enterprise MRG 2) - Will not fix
Package: libxslt (Red Hat Gluster Storage 3.1) - Will not fix
Package: libxslt (Re
Apple
CVE-2016-1841: iOS 9.3.2
vendor_apple·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841: iOS 9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-1841
Component: CVE-ID
Apple
CVE-2016-1841: watchOS 2.2.1
vendor_apple·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841: watchOS 2.2.1
Apple Security Update: About the security content of watchOS 2.2.1
Product: watchOS
Version: 2.2.1
CVE: CVE-2016-1841
Component: CVE-ID
Apple
CVE-2016-1841: OS X El Capitan v10.11.5 and Security Update 2016-003
vendor_apple·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841: OS X El Capitan v10.11.5 and Security Update 2016-003
Apple Security Update: About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003
Product: OS X El Capitan v10.11.5 and Security Update 2016-003
CVE: CVE-2016-1841
Component: CVE-ID
Apple
CVE-2016-1841: tvOS 9.2.1
vendor_apple·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841: tvOS 9.2.1
Apple Security Update: About the security content of tvOS 9.2.1
Product: tvOS
Version: 9.2.1
CVE: CVE-2016-1841
Component: CVE-ID
GHSA
GHSA-6fw4-w39p-32q3: libxslt, as used in Apple iOS before 9
ghsa_unreviewed·2022-05-14
CVE-2016-1841 [HIGH] CWE-119 GHSA-6fw4-w39p-32q3: libxslt, as used in Apple iOS before 9
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
OSV
libxslt vulnerabilities
osv·2017-04-28·CVSS 5.0
CVE-2017-5029 [MEDIUM] libxslt vulnerabilities
libxslt vulnerabilities
Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. An attacker could use
this to craft a malicious document that, when opened, could cause a
denial of service (application crash) or possible execute arbitrary
code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbtrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the
xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker
could use this to craft a malici
OSV
CVE-2016-1841: libxslt, as used in Apple iOS before 9
osv·2016-05-20·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841: libxslt, as used in Apple iOS before 9
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-1841 libxslt: Use after free in xsltDocumentFunctionLoadDocument [fedora-all]
bugzilla·2016-11-10·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841 libxslt: Use after free in xsltDocumentFunctionLoadDocument [fedora-all]
CVE-2016-1841 libxslt: Use after free in xsltDocumentFunctionLoadDocument [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ver
Bugzilla
CVE-2016-1841 mingw-libxslt: libxslt: Use after free in xsltDocumentFunctionLoadDocument [fedora-all]
bugzilla·2016-11-10·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841 mingw-libxslt: libxslt: Use after free in xsltDocumentFunctionLoadDocument [fedora-all]
CVE-2016-1841 mingw-libxslt: libxslt: Use after free in xsltDocumentFunctionLoadDocument [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2016-1841 libxslt: Use after free in xsltDocumentFunctionLoadDocument
bugzilla·2016-11-10·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841 libxslt: Use after free in xsltDocumentFunctionLoadDocument
CVE-2016-1841 libxslt: Use after free in xsltDocumentFunctionLoadDocument
A use after free vulnerability was found in xsltDocumentFunctionLoadDocument that can be triggered via crafted XML document.
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=758291
Upstream patch:
https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
Discussion:
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1393782]
---
Created mingw-libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1393783]
Affects: epel-7 [bug 1393784]
Bugzilla
CVE-2016-1841 mingw-libxslt: libxslt: Use after free in xsltDocumentFunctionLoadDocument [epel-7]
bugzilla·2016-11-10·CVSS 8.8
CVE-2016-1841 [HIGH] CVE-2016-1841 mingw-libxslt: libxslt: Use after free in xsltDocumentFunctionLoadDocument [epel-7]
CVE-2016-1841 mingw-libxslt: libxslt: Use after free in xsltDocumentFunctionLoadDocument [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by:
Bugzilla
CVE-2016-5406 EAP7 Privilege escalation when managing domain including earlier version slaves
bugzilla·2016-07-22·CVSS 8.8
CVE-2016-5406 [HIGH] CVE-2016-5406 EAP7 Privilege escalation when managing domain including earlier version slaves
CVE-2016-5406 EAP7 Privilege escalation when managing domain including earlier version slaves
Escalation of priveleges can occur when a Domain Controller process is managing slave Host Controllers running EAP 6.2, 6.3 or 6.4.
The domain controller will not propagate its administrative RBAC configuration to those slaves, resulting in the slaves (and the servers they manage) granting administrators full administrative privileges.
Discussion:
Acknowledgments:
Name: Tomaz Cerar (Red Hat)
---
Knowledge Base article:
https://access.redhat.com/articles/2463641
---
This issue has been addressed in the following products:
Via RHSA-2016:1841 https://rhn.redhat.com/errata/RHSA-2016-1841.html
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Applicati
http://lists.apple.com/archives/security-announce/2016/May/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlhttp://www.securityfocus.com/bid/90691http://www.securitytracker.com/id/1035890https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/https://support.apple.com/HT206564https://support.apple.com/HT206566https://support.apple.com/HT206567https://support.apple.com/HT206568http://lists.apple.com/archives/security-announce/2016/May/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlhttp://www.securityfocus.com/bid/90691http://www.securitytracker.com/id/1035890https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/https://support.apple.com/HT206564https://support.apple.com/HT206566https://support.apple.com/HT206567https://support.apple.com/HT206568
2016-05-20
Published