libxslt is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service condition.
libxslt 1.1.28 is vulnerable; other versions may also be affected.
Information
Oracle Solaris 11.3
HP Version Control Repository Manager 7.4.1
HP Version Control Repository Manager 7.4
HP Version Control Repository Manager 7.3.4
HP Version Control Repository Manager 7.3.1
HP Version Control Repository Manager 7.3
HP Version Control Repository Manager 7.2.2
HP Version Control Repository Manager 7.2.1
HP Version Control Repository Manager 7.2
HP Version Control Repository Manager 7.5.0
HP Version Control Repository Manager 7.3.3
HP Version Control Repository Manager 7.3.2
HP Systems Insight Manager 7.1.1
HP Systems Insight Manager 7.5.0
HP Systems Insight Manager 7.4
HP Systems Insight Manager 7.3.2
HP Systems Insight Manager 7.3.1
HP Systems Insight Manager 7.3
HP Systems Insight Manager 7.2.2
HP Systems Insight Manager 7.2.1
HP Systems Insight Manager 7.2
HP Systems Insight Manager 7.0
HP System Management Homepage 7.5.4
HP System Management Homepage 7.5
HP System Management Homepage 7.4.1
HP System Management Homepage 7.3.2
HP System Management Homepage 7.2.3
HP System Management Homepage 7.2.2
HP System Management Homepage 7.2.1
HP System Management Homepage 7.2
HP System Management Homepage 7.1.2
HP System Management Homepage 7.1.1
HP System Management Homepage 7.4
HP System Management Homepage 7.3.3.1
HP System Management Homepage 7.3.1
HP System Management Homepage 7.3
HP System Management Homepage 7.2.4.1
HP System Management Homepage 7.1
HP System Management Homepage 7.0
HP Server Migration Pack 7.5
HP Insight Control server provisioning 7.4.1
HP Insight Control server provisioning 7.5.0
HP Insight Control server provisioning 7.4.0
HP Insight Control 7.5
HP Insight Control 7.4
HP Insight Control 7.3
HP Insight Control 7.2
Google Android 4.4.4
Apple tvOS 9.1
Apple tvOS 9.0
Apple Mac Os X 10.11.2
Apple Mac Os X 10.11.1
Apple Mac Os X 10.10.5
Apple Mac OS X 10.9.5
Apple Mac Os X 10.11
Apple iPod Touch 0
Apple iPhone 0
Apple iPad 0
Apple iOS 5 0
Apple iOS 4 0
Apple iOS 3 0
Apple iOS 9.0.2
Apple iOS 9.0.1
Apple iOS 8.4.1
Apple iOS 7.2
Apple iOS 7.0.6
Apple iOS 7.0.5
Apple iOS 7.0.3
Apple iOS 7.0.2
Apple iOS 7.0.1
Apple iOS 6.3.1
Apple iOS 6.1.6
Apple iOS 6.1.4
Apple iOS 6.1.3
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 9.2
Apple iOS 9.1
Apple iOS 9
Apple iOS 8.4
Apple iOS 8.3
Apple iOS 8.2
Apple iOS 8.1.3
Apple iOS 8.1.2
Apple iOS 8.1.1
Apple iOS 8.1
Apple iOS 8
Apple iOS 7.1.2
Apple iOS 7.1.1
Apple iOS 7.1
Apple iOS 7.0.4
Apple iOS 7
Apple iOS 6.1
Apple iOS 6.0.2
Apple iOS 6.0.1
Apple iOS 6
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0
Apple Apple TV 7.0.3
Apple Apple TV 7.0.2
Apple Apple TV 7.0.1
Apple Apple TV 6.0.2
Apple Apple TV 5.2.1
Apple Apple TV 5.1.1
Apple Apple TV 4.4.2
Apple Apple TV 4.4
Apple Apple TV 7.2
Apple Apple TV 7.1
Apple Apple TV 7
Apple Apple TV 6.1.2
Apple Apple TV 6.1.1
Apple Apple TV 6.1
Apple Apple TV 6.0
Apple Apple TV 5.2.0
Apple Apple TV 5.2
Apple Apple TV 5.1.1
Apple Apple TV 5.1.0
Apple Apple TV 5.1
Apple Apple TV 5.0.2
Apple Apple TV 5.0.1
Apple Apple TV 5.0
Apple Apple TV 4.4
Apple Apple TV 4.3.0
Apple Apple TV 4.3
Apple Apple TV 4.2.2
Apple Apple TV 4.2.1
Apple Apple TV 4.2.0
Apple Apple TV 4.2
Apple Apple TV 4.1.0
Apple Apple TV 4.1
Apple Apple TV 4.0
HP Version Control Repository Manager 7.5.1
HP Systems Insight Manager 7.5.1
HP System Management Homepage 7.5.5
HP Server Migration Pack 7.5.1
HP Insight Control server provisioning 7.5.1
HP Insight Control 7.5.1
Apple tvOS 9.1.1
Apple Mac Os X 10.11.3
Apple Mac Os X Security Update 2016
Apple iOS 9.2.1
Apple Apple TV 7.2.1
Exploit
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.
References:
- libxslt Homepage (XMLSoft)
- Android Security Bulletinâ??June 2017 (Google)
- [slackware-security] libxslt (SSA:2016-148-02) (Slackware)
- APPLE-SA-2016-01-25-1 About the security content of tvOS 9.1.1 (Apple)
- Bug 1257962 - libxslt: Type confusion may cause DoS (Bugzilla)
- Fix code preproc.c (Bugzilla)
- HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vu (HP)
- libxslt xsltStylePreCompute() type confusion DoS (Seclists.org)
- Oracle Solaris Third Party Bulletin - January 2016 (Oracle)