Executive Summary

Informations
NameCVE-2011-3970First vendor Publication2012-02-08
VendorCveLast vendor Modification2017-09-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20364
 
Oval ID: oval:org.mitre.oval:def:20364
Title: VMware vSphere security updates for the authentication service and third party libraries
Description: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3970
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14818
 
Oval ID: oval:org.mitre.oval:def:14818
Title: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Description: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3970
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25355
 
Oval ID: oval:org.mitre.oval:def:25355
Title: SUSE-SU-2013:1656-1 -- Security update for libxslt
Description: libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1656-1
CVE-2013-4520
CVE-2012-2825
CVE-2012-6139
CVE-2011-3970
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
Product(s): libxslt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25077
 
Oval ID: oval:org.mitre.oval:def:25077
Title: SUSE-SU-2013:1654-1 -- Security update for libxslt
Description: libxslt receives hereby a LTSS roll-up security update to fix several security issues: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) * CVE-2012-6139: libxslt allowed remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. * CVE-2012-2825: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. * CVE-2011-3970: libxslt allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1654-1
CVE-2013-4520
CVE-2012-2825
CVE-2012-6139
CVE-2011-3970
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): libxslt
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2038
Application1

OpenVAS Exploits

DateDescription
2012-10-05Name : Ubuntu Update for libxslt USN-1595-1
File : nvt/gb_ubuntu_USN_1595_1.nasl
2012-10-03Name : Fedora Update for libxslt FEDORA-2012-14048
File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl
2012-09-27Name : Fedora Update for libxslt FEDORA-2012-14083
File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl
2012-09-17Name : RedHat Update for libxslt RHSA-2012:1265-01
File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl
2012-09-17Name : CentOS Update for libxslt CESA-2012:1265 centos5
File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl
2012-09-17Name : CentOS Update for libxslt CESA-2012:1265 centos6
File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl
2012-03-12Name : Gentoo Security Advisory GLSA 201202-01 (chromium)
File : nvt/glsa_201202_01.nasl
2012-03-12Name : Gentoo Security Advisory GLSA 201203-08 (libxslt)
File : nvt/glsa_201203_08.nasl
2012-03-07Name : Mandriva Update for libxslt MDVSA-2012:028 (libxslt)
File : nvt/gb_mandriva_MDVSA_2012_028.nasl
2012-02-14Name : Google Chrome Multiple Vulnerabilities - February 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_feb12_lin.nasl
2012-02-14Name : Google Chrome Multiple Vulnerabilities - February 12 (MAC OS X)
File : nvt/gb_google_chrome_mult_vuln_feb12_macosx.nasl
2012-02-14Name : Google Chrome Multiple Vulnerabilities - February 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_feb12_win.nasl
2012-02-12Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium2.nasl

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-02-07IAVM : 2013-A-0031 - Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0036787
2013-02-07IAVM : 2013-B-0012 - VMware vCenter 4.1 Server and vSphere 4.1 Client Memory Corruption Vulnerability
Severity : Category II - VMSKEY : V0036789

Nessus® Vulnerability Scanner

DateDescription
2016-03-04Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0001_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0001.nasl - Type : ACT_GATHER_INFO
2014-11-08Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-108.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-142.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libxslt-120214.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_1022489_remote.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO
2013-11-12Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxslt-131106.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-123.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2013-02-16Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2013-0001.nasl - Type : ACT_GATHER_INFO
2013-02-11Name : The remote host has a virtualization client application installed that is aff...
File : vsphere_client_vmsa_2013-0001.nasl - Type : ACT_GATHER_INFO
2012-12-10Name : The remote Fedora host is missing a security update.
File : fedora_2012-15716.nasl - Type : ACT_GATHER_INFO
2012-10-05Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1595-1.nasl - Type : ACT_GATHER_INFO
2012-09-27Name : The remote Fedora host is missing a security update.
File : fedora_2012-14048.nasl - Type : ACT_GATHER_INFO
2012-09-27Name : The remote Fedora host is missing a security update.
File : fedora_2012-14083.nasl - Type : ACT_GATHER_INFO
2012-09-15Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120913_libxslt_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2012-09-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2012-04-06Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxslt-8019.nasl - Type : ACT_GATHER_INFO
2012-04-04Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxslt-120214.nasl - Type : ACT_GATHER_INFO
2012-03-06Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201203-08.nasl - Type : ACT_GATHER_INFO
2012-03-01Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-028.nasl - Type : ACT_GATHER_INFO
2012-02-20Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201202-01.nasl - Type : ACT_GATHER_INFO
2012-02-10Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_fe1976c2531711e19e9900262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-02-09Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_17_0_963_46.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM http://code.google.com/p/chromium/issues/detail?id=110277
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html
SUSE https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
DateInformations
2017-09-19 09:25:05
  • Multiple Updates
2016-06-28 18:52:31
  • Multiple Updates
2016-04-26 21:11:11
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2014-11-08 13:29:54
  • Multiple Updates
2014-10-12 13:26:47
  • Multiple Updates
2014-06-14 13:31:52
  • Multiple Updates
2014-02-17 11:05:50
  • Multiple Updates
2013-12-20 13:19:07
  • Multiple Updates
2013-11-15 13:20:14
  • Multiple Updates
2013-11-11 12:39:38
  • Multiple Updates
2013-05-10 23:09:40
  • Multiple Updates