CVE-2019-11068
Description
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.991
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Oracle Java SE 8u311 | Windows |
| Multiple vulnerabilities affected in Oracle Java SE 8u311 (x64) | Windows |
| Multiple vulnerabilities affected in Oracle Java SE Development Kit 8u311 | Windows |
| Multiple vulnerabilities affected in Oracle Java SE Development Kit 8u311 (x64) | Windows |
| Vulnerabilities CVE-2019-11068 are fixed in Ruby-nokogiri 1.10.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| SUSE-SU-2019:1232-1 (SUSE Linux Enterprise Desktop 12-SP4) libxslt-debugsource-1.1.28-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1232-1 (SUSE Linux Enterprise Desktop 12-SP4) libxslt-tools-1.1.28-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1232-1 (SUSE Linux Enterprise Desktop 12-SP4) libxslt-tools-debuginfo-1.1.28-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1232-1 (SUSE Linux Enterprise Desktop 12-SP4) libxslt1-1.1.28-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1232-1 (SUSE Linux Enterprise Desktop 12-SP4) libxslt1-32bit-1.1.28-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1232-1 (SUSE Linux Enterprise Desktop 12-SP4) libxslt1-debuginfo-1.1.28-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1232-1 (SUSE Linux Enterprise Desktop 12-SP4) libxslt1-debuginfo-32bit-1.1.28-17.3.1.x86_64.rpm | Linux |
| (RHSA-2020:4005) libxslt security update libxslt-1.1.28-6.el7.i686.rpm | Linux |
| (RHSA-2020:4005) libxslt security update libxslt-1.1.28-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:4005) libxslt security update libxslt-devel-1.1.28-6.el7.i686.rpm | Linux |
| (RHSA-2020:4005) libxslt security update libxslt-devel-1.1.28-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:4005) libxslt security update libxslt-python-1.1.28-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:4464) libxslt security update libxslt-1.1.32-5.el8.i686.rpm | Linux |
| (RHSA-2020:4464) libxslt security update libxslt-1.1.32-5.el8.x86_64.rpm | Linux |
| (RHSA-2020:4464) libxslt security update libxslt-debugsource-1.1.32-5.el8.i686.rpm | Linux |
| (RHSA-2020:4464) libxslt security update libxslt-debugsource-1.1.32-5.el8.x86_64.rpm | Linux |
| (RHSA-2020:4464) libxslt security update libxslt-devel-1.1.32-5.el8.i686.rpm | Linux |
| (RHSA-2020:4464) libxslt security update libxslt-devel-1.1.32-5.el8.x86_64.rpm | Linux |
| (RHSA-2020:4005) Moderate: security update libxslt-debuginfo-1.1.28-6.el7.i686.rpm | Linux |
| (RHSA-2020:4005) Moderate: security update libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:4464) Moderate: security update libxslt-debuginfo-1.1.32-5.el8.i686.rpm | Linux |
| (RHSA-2020:4464) Moderate: security update libxslt-debuginfo-1.1.32-5.el8.x86_64.rpm | Linux |
| Libxslt update (ELSA-2020-4464) libxslt-1.1.32-5.0.1.el8.i686.rpm | Linux |
| Libxslt update (ELSA-2020-4464) libxslt-1.1.32-5.0.1.el8.x86_64.rpm | Linux |
| Libxslt-devel update (ELSA-2020-4464) libxslt-devel-1.1.32-5.0.1.el8.i686.rpm | Linux |
| Libxslt-devel update (ELSA-2020-4464) libxslt-devel-1.1.32-5.0.1.el8.x86_64.rpm | Linux |
| libxslt Security Update (ALAS-2020-1535) libxslt-1.1.28-6.amzn2.i686.rpm | Linux |
| libxslt Security Update (ALAS-2020-1535) libxslt-1.1.28-6.amzn2.x86_64.rpm | Linux |
| libxslt Security Update (ALAS-2020-1535) libxslt-devel-1.1.28-6.amzn2.x86_64.rpm | Linux |
| libxslt Security Update (ALAS-2020-1535) libxslt-python-1.1.28-6.amzn2.x86_64.rpm | Linux |
| Vulnerabilities CVE-2019-11068 are fixed in Ruby-nokogiri for Linux 1.10.3 | Linux |
| CVE-2019-11068 | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-323264 | Java 8 Update 321 (8.0.3210.7) (JRE) |
| PATCH-323263 | Java 8 Update 321 (64-bit) (8.0.3210.7) (JRE) |
| PATCH-323267 | Java SE Development Kit 8 Update 321 (32-bit) (8.0.3210.7) (JDK) |
| PATCH-323266 | Java SE Development Kit 8 Update 321 (64-bit) (8.0.3210.7) (JDK) |