Vulnerability-Lookup

BDU:2022-02604

Vulnerability from fstec - Published: 02.02.2012

Title

Уязвимость библиотеки libxslt интерпретатора языка программирования PHP, позволяющая нарушителю создать произвольные файлы

Description

Уязвимость библиотеки libxslt интерпретатора языка программирования PHP связана с ошибками управления привилегиями. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, создать произвольные файлы

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, PHP Group

Software Name

Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, PHP

Software Version

5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 10.10 (Ubuntu), 11.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 5.3.4 (PHP), 5.3.2 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc1 (PHP), 5.0.0rc2 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.1.2 (PHP), 5.0.5 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), 5 (Debian GNU/Linux), до 5.3.8 включительно (PHP)

Possible Mitigations

Использование рекомендаций: https://bugs.php.net/bug.php?id=54446 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0057.xml Для Ubuntu: https://ubuntu.com/security/CVE-2012-0057 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2012-0057

Reference

https://bugs.php.net/bug.php?id=54446 http://openwall.com/lists/oss-security/2012/01/14/2 http://openwall.com/lists/oss-security/2012/01/14/3 http://openwall.com/lists/oss-security/2012/01/15/1 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/18/3 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/14/1 http://openwall.com/lists/oss-security/2012/01/15/2 http://openwall.com/lists/oss-security/2012/01/15/10 http://php.net/ChangeLog-5.php#5.3.9 http://openwall.com/lists/oss-security/2012/01/13/6 http://openwall.com/lists/oss-security/2012/01/13/7 http://www.debian.org/security/2012/dsa-2399 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://secunia.com/advisories/48668 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 https://exchange.xforce.ibmcloud.com/vulnerabilities/72908 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

CWE

CWE-264

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 10.10 (Ubuntu), 11.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 5.3.4 (PHP), 5.3.2 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc1 (PHP), 5.0.0rc2 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.1.2 (PHP), 5.0.5 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), 5 (Debian GNU/Linux), \u0434\u043e 5.3.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://bugs.php.net/bug.php?id=54446\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0057.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2012-0057\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2012-0057",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.02.2012",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02604",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2012-0057",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Canonical Ltd. Ubuntu 10.10 , Canonical Ltd. Ubuntu 11.10 , Canonical Ltd. Ubuntu 11.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 , Canonical Ltd. Ubuntu 8.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 5 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libxslt \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libxslt \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugs.php.net/bug.php?id=54446\nhttp://openwall.com/lists/oss-security/2012/01/14/2\nhttp://openwall.com/lists/oss-security/2012/01/14/3\nhttp://openwall.com/lists/oss-security/2012/01/15/1\nhttp://openwall.com/lists/oss-security/2012/01/13/4\nhttp://openwall.com/lists/oss-security/2012/01/18/3\nhttp://openwall.com/lists/oss-security/2012/01/13/5\nhttp://openwall.com/lists/oss-security/2012/01/13/10\nhttp://openwall.com/lists/oss-security/2012/01/14/1\nhttp://openwall.com/lists/oss-security/2012/01/15/2\nhttp://openwall.com/lists/oss-security/2012/01/15/10\nhttp://php.net/ChangeLog-5.php#5.3.9\nhttp://openwall.com/lists/oss-security/2012/01/13/6\nhttp://openwall.com/lists/oss-security/2012/01/13/7\nhttp://www.debian.org/security/2012/dsa-2399\nhttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html\nhttp://secunia.com/advisories/48668\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/72908\nhttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html\nhttp://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,8)"
}

CVE-2012-0057 (GCVE-0-2012-0057)

Vulnerability from cvelistv5 – Published: 2012-02-02 00:00 – Updated: 2024-08-06 18:09

Summary

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://openwall.com/lists/oss-security/2012/01/15/1	mailing-listx_refsource_MLIST
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://openwall.com/lists/oss-security/2012/01/13/6	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2012/01/13/5	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2012/dsa-2399	vendor-advisoryx_refsource_DEBIAN
	http://openwall.com/lists/oss-security/2012/01/18/3	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://php.net/ChangeLog-5.php#5.3.9	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://openwall.com/lists/oss-security/2012/01/13/7	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/48668	third-party-advisoryx_refsource_SECUNIA
	http://openwall.com/lists/oss-security/2012/01/15/2	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2012/01/15/10	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2012/01/14/1	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2012/01/14/2	mailing-listx_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://openwall.com/lists/oss-security/2012/01/14/3	mailing-listx_refsource_MLIST
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://openwall.com/lists/oss-security/2012/01/13/4	mailing-listx_refsource_MLIST
	https://bugs.php.net/bug.php?id=54446	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2012/01/13/10	mailing-listx_refsource_MLIST

Date Public ?

2011-10-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/15/1"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/13/6"
          },
          {
            "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/13/5"
          },
          {
            "name": "DSA-2399",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2399"
          },
          {
            "name": "[oss-security] 20120117 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/18/3"
          },
          {
            "name": "SUSE-SU-2012:0411",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://php.net/ChangeLog-5.php#5.3.9"
          },
          {
            "name": "openSUSE-SU-2012:0426",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
          },
          {
            "name": "SUSE-SU-2012:0472",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html"
          },
          {
            "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/13/7"
          },
          {
            "name": "48668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48668"
          },
          {
            "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/15/2"
          },
          {
            "name": "[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/15/10"
          },
          {
            "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/14/1"
          },
          {
            "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/14/2"
          },
          {
            "name": "php-libxslt-security-bypass(72908)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72908"
          },
          {
            "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/14/3"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "[oss-security] 20120113 CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/13/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=54446"
          },
          {
            "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/01/13/10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-10-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/15/1"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/13/6"
        },
        {
          "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/13/5"
        },
        {
          "name": "DSA-2399",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2399"
        },
        {
          "name": "[oss-security] 20120117 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/18/3"
        },
        {
          "name": "SUSE-SU-2012:0411",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://php.net/ChangeLog-5.php#5.3.9"
        },
        {
          "name": "openSUSE-SU-2012:0426",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
        },
        {
          "name": "SUSE-SU-2012:0472",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html"
        },
        {
          "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/13/7"
        },
        {
          "name": "48668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48668"
        },
        {
          "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/15/2"
        },
        {
          "name": "[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/15/10"
        },
        {
          "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/14/1"
        },
        {
          "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/14/2"
        },
        {
          "name": "php-libxslt-security-bypass(72908)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72908"
        },
        {
          "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/14/3"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "[oss-security] 20120113 CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/13/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=54446"
        },
        {
          "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/01/13/10"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0057",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/15/1"
            },
            {
              "name": "HPSBMU02786",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/13/6"
            },
            {
              "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/13/5"
            },
            {
              "name": "DSA-2399",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2399"
            },
            {
              "name": "[oss-security] 20120117 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/18/3"
            },
            {
              "name": "SUSE-SU-2012:0411",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
            },
            {
              "name": "http://php.net/ChangeLog-5.php#5.3.9",
              "refsource": "CONFIRM",
              "url": "http://php.net/ChangeLog-5.php#5.3.9"
            },
            {
              "name": "openSUSE-SU-2012:0426",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
            },
            {
              "name": "SUSE-SU-2012:0472",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html"
            },
            {
              "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/13/7"
            },
            {
              "name": "48668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48668"
            },
            {
              "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/15/2"
            },
            {
              "name": "[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/15/10"
            },
            {
              "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/14/1"
            },
            {
              "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/14/2"
            },
            {
              "name": "php-libxslt-security-bypass(72908)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72908"
            },
            {
              "name": "[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/14/3"
            },
            {
              "name": "SSRT100877",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "[oss-security] 20120113 CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/13/4"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=54446",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=54446"
            },
            {
              "name": "[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/01/13/10"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0057",
    "datePublished": "2012-02-02T00:00:00.000Z",
    "dateReserved": "2011-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:09:17.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-02604

CVE-2012-0057 (GCVE-0-2012-0057)

Tags

Sightings

Nomenclature