CVE-2011-1202

CVSS V2 Medium 4.3 CVSS V3 None
Description
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Overview
  • CVE ID
  • CVE-2011-1202
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2011-03-11T02:01:20
  • Last Modified Date
  • 2020-06-04T14:16:14
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* 1 OR 10.0.648.127
cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:* 1 OR 1.1.26
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://code.google.com/p/chromium/issues/detail?id=73716 Exploit Issue Tracking Patch Vendor Advisory
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html Vendor Advisory
http://www.securityfocus.com/bid/46785 Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0628 Permissions Required
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f Patch Third Party Advisory
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=684386 Issue Tracking Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 Third Party Advisory
http://downloads.avaya.com/css/P8/documents/100144158 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2011-1202
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
History
Created Old Value New Value Data Type Notes
2022-05-10 17:29:07 Added to TrackCVE