CVE-2012-0057

Priority
Medium
Description
PHP before 5.3.9 has improper libxslt security settings, which allows
remote attackers to create arbitrary files via a crafted XSLT stylesheet
that uses the libxslt output extension.
References
Bugs
Notes
 jdstrand> watch out for Debian regression (658087) for DSA-2399-1 in php5-xsl
Assigned-to
sbeattie
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.3.9-1)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (5.3.10-1ubuntu1)
Patches:
Upstream: http://svn.php.net/viewvc/?view=revision&revision=317759
Upstream: http://svn.php.net/viewvc/?view=revision&revision=317801
Upstream: http://svn.php.net/viewvc/?view=revision&revision=317953
Vendor: http://www.debian.org/security/2012/dsa-2399
Vendor: http://www.debian.org/security/2012/dsa-2399-2

Updated: 2015-07-29 20:40:21 UTC (commit 9756)