{
  "threat_severity" : "Low",
  "public_date" : "2011-02-22T00:00:00Z",
  "bugzilla" : {
    "description" : "libxslt: Heap address leak in XSLT",
    "id" : "684386",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." ],
  "statement" : "This issue affects the versions of the libxslt package as shipped with Red Hat\nEnterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this\nissue as having low security impact; a future update may address this flaw.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2011-04-29T00:00:00Z",
    "advisory" : "RHSA-2011:0471",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "firefox-0:3.6.17-2.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-04-29T00:00:00Z",
    "advisory" : "RHSA-2011:0471",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "firefox-0:3.6.17-1.el5_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-04-29T00:00:00Z",
    "advisory" : "RHSA-2011:0471",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xulrunner-0:1.9.2.17-3.el5_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-09-13T00:00:00Z",
    "advisory" : "RHSA-2012:1265",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "libxslt-0:1.1.17-4.el5_8.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-04-29T00:00:00Z",
    "advisory" : "RHSA-2011:0471",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "firefox-0:3.6.17-1.el6_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-04-29T00:00:00Z",
    "advisory" : "RHSA-2011:0471",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xulrunner-0:1.9.2.17-4.el6_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-09-13T00:00:00Z",
    "advisory" : "RHSA-2012:1265",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "libxslt-0:1.1.26-2.el6_3.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Will not fix",
    "package_name" : "libxslt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "mingw32-libxslt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1202\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1202" ],
  "name" : "CVE-2011-1202",
  "csaw" : false
}