Rapid7 Vulnerability & Exploit Database

ELSA-2011-0486 Moderate: Oracle Linux xmlsec1 security and bug fix update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2011-0486 Moderate: Oracle Linux xmlsec1 security and bug fix update

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:P/A:P)

Published

04/04/2011

Created

07/25/2018

Added

12/20/2011

Modified

07/04/2017

Description

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Solution(s)

oracle-linux-upgrade-xmlsec1
oracle-linux-upgrade-xmlsec1-devel
oracle-linux-upgrade-xmlsec1-gnutls
oracle-linux-upgrade-xmlsec1-gnutls-devel
oracle-linux-upgrade-xmlsec1-nss
oracle-linux-upgrade-xmlsec1-nss-devel
oracle-linux-upgrade-xmlsec1-openssl
oracle-linux-upgrade-xmlsec1-openssl-devel

References

https://attackerkb.com/topics/cve-2011-1425
47135
CVE - 2011-1425
DSA-2219
RHSA-2011:0486
http://oss.oracle.com/pipermail/el-errata/2011-May/002118.html
http://oss.oracle.com/pipermail/el-errata/2011-May/002119.html
66506

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;