Vulnerability details: VCID-uxna-3wyq-aaah
Vulnerability ID VCID-uxna-3wyq-aaah
Aliases CVE-2011-1202
Summary The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2011:0471
rhas Important https://access.redhat.com/errata/RHSA-2012:1265
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2011-1202
epss 0.00373 https://api.first.org/data/v1/epss?cve=CVE-2011-1202
epss 0.0102 https://api.first.org/data/v1/epss?cve=CVE-2011-1202
epss 0.03038 https://api.first.org/data/v1/epss?cve=CVE-2011-1202
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2011-1202
generic_textual low https://www.mozilla.org/en-US/security/advisories/mfsa2011-18
Reference id Reference type URL
http://code.google.com/p/chromium/issues/detail?id=73716
http://downloads.avaya.com/css/P8/documents/100144158
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1202
https://bugzilla.redhat.com/show_bug.cgi?id=684386
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
617413 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*
CVE-2011-1202 https://nvd.nist.gov/vuln/detail/CVE-2011-1202
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2011-18 https://www.mozilla.org/en-US/security/advisories/mfsa2011-18
RHSA-2011:0471 https://access.redhat.com/errata/RHSA-2011:0471
RHSA-2012:1265 https://access.redhat.com/errata/RHSA-2012:1265
USN-1112-1 https://usn.ubuntu.com/1112-1/
USN-1121-1 https://usn.ubuntu.com/1121-1/
USN-1122-1 https://usn.ubuntu.com/1122-1/
USN-1122-2 https://usn.ubuntu.com/1122-2/
USN-1123-1 https://usn.ubuntu.com/1123-1/
USN-1595-1 https://usn.ubuntu.com/1595-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1202
Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): partial; Integrity Impact (I): none; Availability Impact (A): none
Exploit Prediction Scoring System (EPSS)
Percentile 0.69841
EPSS Score 0.00314
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.