CVE-2012-2825

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

References

http://code.google.com/p/chromium/issues/detail?id=127417

http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html

http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

http://secunia.com/advisories/54886

http://support.apple.com/kb/HT5934

http://support.apple.com/kb/HT6001

https://hermes.opensuse.org/messages/15075728

https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html

https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

Details

Source: MITRE

Published: 2012-06-27

Updated: 2014-01-28

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:20.0.1132.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 20.0.1132.42 (inclusive)

Tenable Plugins

View all (32 total)

IDNameProductFamilySeverity
89661VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)NessusMisc.
critical
80695Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt)NessusSolaris Local Security Checks
medium
74680openSUSE Security Update : libxslt / libxslt-python (openSUSE-SU-2012:0883-1)NessusSuSE Local Security Checks
medium
74660openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0813-1)NessusSuSE Local Security Checks
high
72105Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
72104Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)NessusWindows
high
70886ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)NessusMisc.
medium
70843SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501)NessusSuSE Local Security Checks
medium
70589Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
70588Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)NessusWindows
high
70257Apple TV < 6.0 Multiple VulnerabilitiesNessusMisc.
high
69984Apple iOS < 7 Multiple VulnerabilitiesNessusMobile Devices
high
69613Amazon Linux AMI : libxslt (ALAS-2012-123)NessusAmazon Linux Local Security Checks
medium
68622Oracle Linux 5 / 6 : libxslt (ELSA-2012-1265)NessusOracle Linux Local Security Checks
medium
66061Mandriva Linux Security Advisory : libxslt (MDVSA-2013:047)NessusMandriva Local Security Checks
medium
64642VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party librariesNessusVMware ESX Local Security Checks
critical
8095iTunes for Windows < 11.1.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
64207SuSE 11.1 Security Update : libxslt (SAT Patch Number 6491)NessusSuSE Local Security Checks
medium
63195Fedora 18 : libxslt-1.1.27-2.fc18 (2012-15716)NessusFedora Local Security Checks
medium
62435Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1)NessusUbuntu Local Security Checks
medium
62328Fedora 17 : libxslt-1.1.26-10.fc17 (2012-14083)NessusFedora Local Security Checks
medium
62326Fedora 16 : libxslt-1.1.26-9.fc16 (2012-14048)NessusFedora Local Security Checks
medium
62107Scientific Linux Security Update : libxslt on SL5.x, SL6.x i386/x86_64 (20120913)NessusScientific Linux Local Security Checks
medium
62090RHEL 5 / 6 : libxslt (RHSA-2012:1265)NessusRed Hat Local Security Checks
medium
62085CentOS 5 / 6 : libxslt (CESA-2012:1265)NessusCentOS Local Security Checks
medium
61962Mandriva Linux Security Advisory : libxslt (MDVSA-2012:109)NessusMandriva Local Security Checks
medium
61542GLSA-201208-03 : Chromium: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
60104SuSE 10 Security Update : libxslt (ZYPP Patch Number 8207)NessusSuSE Local Security Checks
medium
800967Google Chrome < 20.0.1132.43 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6508Google Chrome < 20.0.1132.43 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
59735Google Chrome < 20.0.1132.43 Multiple VulnerabilitiesNessusWindows
high
8013Apple iOS < 7.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical