CVE-2012-0057

Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 02 Feb 2012, 00:00
Last modified:06 Aug 2024, 18:09

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.4 MEDIUM
v2.0 (nvd)
EPSS Score
1.59% LOW
2% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 Feb 2012, 00:00
Published
Vulnerability first disclosed
06 Aug 2024, 18:09
Last Modified
Vulnerability information updated

Description

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

CVSS Metrics

  • v2.0MEDIUMScore: 6.4AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 1.59% Percentile: 82%

Techniques & Countermeasures

  • CWE-264Permissions, Privileges, and Access Controls

    Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

  • UnknownPHP

    ≤ 5.3.8 | 5.0.0 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:beta4 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.1.0 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.5 | 5.1.6 | 5.2.0 | 5.2.1 | 5.2.2 | 5.2.3 | 5.2.4 | 5.2.5 | 5.2.6 | 5.2.7 | 5.2.8 | 5.2.9 | 5.2.10 | 5.2.11 | 5.2.12 | 5.2.13 | 5.2.14 | 5.2.15 | 5.2.16 | 5.2.17 | 5.3.0 | 5.3.1 | 5.3.2 | 5.3.3 | 5.3.4 | 5.3.5 | 5.3.6 | 5.3.7

References (21)