Xmlsoft Libxslt 漏洞

时间轴

版本

1.0.02
1.0.12
1.0.22
1.0.32
1.0.42

修正

Official Fix2
Temporary Fix0
Workaround0
Unavailable0
Not Defined2

易受攻击性

High0
Functional0
Proof-of-Concept2
Unproven0
Not Defined2

访问向量

Not Defined0
Physical0
Local0
Adjacent0
Network4

身份验证

Not Defined0
High0
Low0
None4

用户交互

Not Defined0
Required0
None4

C3BM Index

CVSSv3 Base

≤10
≤20
≤30
≤40
≤50
≤62
≤70
≤82
≤90
≤100

CVSSv3 Temp

≤10
≤20
≤30
≤40
≤50
≤62
≤72
≤80
≤90
≤100

VulDB

≤10
≤20
≤30
≤40
≤50
≤62
≤70
≤82
≤90
≤100

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

供应商

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

零日攻击

<1k2
<2k0
<5k2
<10k0
<25k0
<50k0
<100k0
≥100k0

本日攻击

<1k4
<2k0
<5k0
<10k0
<25k0
<50k0
<100k0
≥100k0

攻击市场容量

Affected Versions (44): 1, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.16, 1.0.17, 1.0.18, 1.0.19, 1.0.21, 1.0.22, 1.0.23, 1.0.24, 1.0.25, 1.0.26, 1.0.27, 1.0.28, 1.1.1, 1.1.2, 1.1.8, 1.1.9, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.1.18, 1.1.19, 1.1.21, 1.1.22, 1.1.23, 1.1.24

已发布BaseTemp漏洞0day今天修正CTICVE
2013-12-145.35.1XMLSoft libxslt xslt.c 拒绝服务$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2013-4520
2013-04-125.35.1XMLSoft libxslt keys.c xsltDocumentFunction 拒绝服务$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2012-6139
2008-08-017.36.9XMLSoft libxslt Encryption crypto.c 内存损坏$0-$5k$0-$5kProof-of-ConceptNot Defined0.00CVE-2008-2935

更多条目由 Xmlsoft

上一步一览下一步

Interested in the pricing of exploits?

See the underground prices here!