CVE-2011-1425
xmlsec1 - file overwrite
EPSS 9.3%
Description
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
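Added example, not part of this advisory or of xmlsec itself: a defensive pre-check that inspects an XML signature for ds:Transform elements selecting the XSLT algorithm and reports whether the embedded stylesheet uses a libxslt file-writing output extension (xsl:document or exsl:document), so a consumer can refuse such documents before handing them to a vulnerable xmlsec build. The sample signature and its placeholder href are constructed for the demonstration.

```python
# Added example (not from the advisory): pre-verification check that rejects
# XML signatures carrying an XSLT ds:Transform, the vector named in CVE-2011-1425.
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
XSL = "{http://www.w3.org/1999/XSL/Transform}"
EXSL = "{http://exslt.org/common}"
XSLT_ALG = "http://www.w3.org/TR/1999/REC-xslt-19991116"
# Elements libxslt treats as file-writing output extensions.
OUTPUT_EXTENSIONS = {XSL + "document", EXSL + "document"}


def xslt_transforms(xml_bytes):
    """Return one record per ds:Transform that selects the XSLT algorithm."""
    root = ET.fromstring(xml_bytes)
    found = []
    for ref in root.iter(DS + "Reference"):
        for tr in ref.iter(DS + "Transform"):
            if tr.get("Algorithm") != XSLT_ALG:
                continue
            # Any file-writing extension element inside the stylesheet is noted for logging.
            writes = sorted(el.tag for el in tr.iter() if el.tag in OUTPUT_EXTENSIONS)
            found.append({"uri": ref.get("URI", ""), "output_extensions": writes})
    return found


def signature_is_acceptable(xml_bytes):
    """Policy: refuse the document before verification if any XSLT transform is present."""
    return not xslt_transforms(xml_bytes)


# Constructed sample: a signature whose only transform is an XSLT stylesheet
# using xsl:document. The href is a placeholder, not a real path.
SAMPLE = b"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo><Reference URI="">
  <Transforms>
   <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
     <xsl:template match="/"><xsl:document href="PLACEHOLDER"/></xsl:template>
    </xsl:stylesheet>
   </Transform>
  </Transforms>
 </Reference></SignedInfo>
</Signature>"""

if __name__ == "__main__":
    for f in xslt_transforms(SAMPLE):
        print("XSLT transform on Reference URI=%r, output extensions: %s"
              % (f["uri"], f["output_extensions"]))
    print("acceptable:", signature_is_acceptable(SAMPLE))
```

Rejecting XSLT transforms outright is a coarse policy; it suits deployments that only ever expect canonicalization or enveloped-signature transforms.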
How to fix CVE-2011-1425
To remediate CVE-2011-1425, upgrade the affected package to a fixed version below.
- Debian/xmlsec1—upgrade to 1.2.14-1.1 or later
- Debian/xmlsec1—upgrade to 1.2.9-5+lenny1 or later
Is CVE-2011-1425 being exploited?
Moderate — EPSS is 9.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/xmlsec1: from 0, < 1.2.14-1.1
- Debian/xmlsec1: from 0, < 1.2.9-5+lenny1