Lucene search

[email protected]CVE-2011-1774

HistoryJul 21, 2011 - 11:55 p.m.

CVE-2011-1774

2011-07-2123:55:02

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-1774

webkit

apple safari

libxslt

security settings

remote attackers

arbitrary files

arbitrary code

8.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.969 High

EPSS

Percentile

99.7%

JSON

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

Affected configurations

NVD

Node

applesafariRange≤5.0.5

applesafariMatch1.0

applesafariMatch1.0beta

applesafariMatch1.0beta2

applesafariMatch1.0.0

applesafariMatch1.0.0b1

applesafariMatch1.0.0b2

applesafariMatch1.0.1

applesafariMatch1.0.2

applesafariMatch1.0.3

applesafariMatch1.0.385.8

applesafariMatch1.0.385.8.1

applesafariMatch1.1

applesafariMatch1.1.0

applesafariMatch1.1.1

applesafariMatch1.2

applesafariMatch1.2.0

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.2.4

applesafariMatch1.2.5

applesafariMatch1.3

applesafariMatch1.3.0

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch1.3.2312.5

applesafariMatch1.3.2312.6

applesafariMatch2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.4

applesafariMatch3

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4b

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2.0

applesafariMatch3.2.1

applesafariMatch3.2.2

applesafariMatch4.1

applesafariMatch4.1.1

applesafariMatch4.1.2

applesafariMatch5.0

applesafariMatch5.0.1

applesafariMatch5.0.2

applesafariMatch5.0.3

applesafariMatch5.0.4

applewebkit

AND

applemac_os_xMatch10.5.8

applemac_os_xMatch10.6.8

applemac_os_xMatch10.6.9

applemac_os_xMatch10.7.0

applemac_os_x_serverMatch10.5.8

applemac_os_x_serverMatch10.6.8

applemac_os_x_serverMatch10.6.9

applemac_os_x_serverMatch10.7.0

microsoftwindows_7

microsoftwindows_vista

microsoftwindows_xpsp2

microsoftwindows_xpsp3

CPENameOperatorVersion
apple:safariapple safarile5.0.5
apple:safariapple safarieq1.0
apple:safariapple safarieq1.0.0
apple:safariapple safarieq1.0.0b1
apple:safariapple safarieq1.0.0b2
apple:safariapple safarieq1.0.1
apple:safariapple safarieq1.0.2
apple:safariapple safarieq1.0.3
apple:safariapple safarieq1.1
apple:safariapple safarieq1.1.0

CPE	Name	Operator	Version
apple:safari	apple safari	le	5.0.5
apple:safari	apple safari	eq	1.0
apple:safari	apple safari	eq	1.0.0
apple:safari	apple safari	eq	1.0.0b1
apple:safari	apple safari	eq	1.0.0b2
apple:safari	apple safari	eq	1.0.1
apple:safari	apple safari	eq	1.0.2
apple:safari	apple safari	eq	1.0.3
apple:safari	apple safari	eq	1.1
apple:safari	apple safari	eq	1.1.0