• Tenable
  • CVEs
  • Settings
    Links
    Tenable.io Tenable Community & Support Tenable University
    Severity
    Theme
  • Tenable
  • Links
  • Tenable.io
  • Tenable Community & Support
  • Tenable University
  • Settings
  • Severity
  • Theme
  • Newest
  • Updated
  • Search
  • Newest
  • Updated
  • Search
  1. CVEs
  2. CVE-2011-1202
  1. CVEs

CVE-2011-1202

medium
  • Information
  • CPEs
  • Plugins

Description

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

References

http://code.google.com/p/chromium/issues/detail?id=73716

http://downloads.avaya.com/css/P8/documents/100144158

http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f

http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html

http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:079

http://www.mandriva.com/security/advisories?name=MDVSA-2012:164

http://www.securityfocus.com/bid/46785

http://www.vupen.com/english/advisories/2011/0628

https://bugzilla.redhat.com/show_bug.cgi?id=684386

https://exchange.xforce.ibmcloud.com/vulnerabilities/65966

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244

Details

Source: MITRE

Published: 2011-03-11

Updated: 2020-06-04

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

  • Tenable.com
  • Community & Support
  • Documentation
  • Education
  • © 2023 Tenable®, Inc. All Rights Reserved
  • Privacy Policy
  • Legal
  • 508 Compliance