vulnerability

Oracle Solaris 11: CVE-2019-11068: Vulnerability in libxslt

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	2019-04-10	2019-10-16	2022-02-17

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

2019-04-10

Added

2019-10-16

Modified

2022-02-17

Description

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Solution(s)

oracle-solaris-11-3-upgrade-library-libxslt-1-1-33-0-175-3-36-0-19-0oracle-solaris-11-3-upgrade-library-python-libxsl-27-1-1-33-0-175-3-36-0-19-0oracle-solaris-11-4-upgrade-library-libxslt-1-1-33-11-4-14-0-1-1-0

References

CVE-2019-11068
https://attackerkb.com/topics/CVE-2019-11068
URL-https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today