CVE-2011-0195

Published: Apr 15, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.

Affected (2)

Products: Apple: Iphone Os

Apple

1 product

Iphone Os

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 4.3.0
Apple Iphone Os	Version 4.3.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

Source: product-security@apple.com

http://support.apple.com/kb/HT4723

Source: product-security@apple.com

http://support.apple.com/kb/HT4808

Source: product-security@apple.com

http://www.securitytracker.com/id?1025365

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html