Lucene search

K

[email protected]CVE-2015-7995

HistoryNov 17, 2015 - 3:59 p.m.

CVE-2015-7995

2015-11-1715:59:16

[email protected]

web.nvd.nist.gov

77

cve-2015-7995

libxslt

xsltstyleprecompute

denial of service

type confusion

xml

security issue

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a “type confusion” issue.

Affected configurations

NVD

Node

appleiphone_osRange≤9.2

OR

applemac_os_xRange≤10.11.2

OR

appletvosRange≤9.1

OR

applewatchosRange≤2.1

Node

xmlsoftlibxsltRange≤1.1.28

CPENameOperatorVersion
apple:iphone_osapple iphone osle9.2
apple:mac_os_xapple mac os xle10.11.2
apple:tvosapple tvosle9.1
apple:watchosapple watchosle2.1

References

lists.apple.com/archives/security-announce/2016/Jan/msg00002.html

lists.apple.com/archives/security-announce/2016/Jan/msg00003.html

lists.apple.com/archives/security-announce/2016/Jan/msg00005.html

lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

lists.opensuse.org/opensuse-updates/2016-05/msg00123.html

www.debian.org/security/2016/dsa-3605

www.openwall.com/lists/oss-security/2015/10/27/10

www.openwall.com/lists/oss-security/2015/10/28/4

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.securityfocus.com/bid/77325

www.securitytracker.com/id/1034736

www.securitytracker.com/id/1038623

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546

bugzilla.redhat.com/show_bug.cgi?id=1257962

git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

puppet.com/security/cve/cve-2015-7995

support.apple.com/HT205729

support.apple.com/HT205731

support.apple.com/HT205732

support.apple.com/HT206168

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

Related for CVE-2015-7995

ubuntucve1 nessus25 openvas17 mageia1 prion1 slackware1 cvelist1 archlinux1 debiancve1 freebsd1 nvd1 osv7 debian3 ibm1 rubygems1 ubuntu1 apple10 rosalinux1 androidsecurity1 tenable1