Upstream information
Description
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.1 |
Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | None |
Availability Impact | None |
SUSE Security Advisories:
- SUSE-SR:2011:002, published Tue, 25 Jan 2011 11:00:00 +0000
- openSUSE-SU-2011:0024-1, published Wed, 12 Jan 2011 16:08:25 +0100 (CET)
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 07:42:42 2013CVE page last modified: Fri Oct 7 12:45:47 2022