Lucene search

[email protected]CVE-2010-0315

HistoryJan 14, 2010 - 7:30 p.m.

CVE-2010-0315

2010-01-1419:30:00

[email protected]

web.nvd.nist.gov

webkit

r53607

vulnerability

remote attackers

redirect

url

google chrome

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

8.3

Confidence

High

EPSS

0.055

Percentile

93.3%

JSON

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect’s target URL, for the session of a specific user of a web site, by placing the site’s URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

Affected configurations

NVD

Node

googlechromeRange≤4.0.249.78

googlechromeMatch0.2.149.27

googlechromeMatch0.2.149.29

googlechromeMatch0.2.149.30

googlechromeMatch0.2.152.1

googlechromeMatch0.2.153.1

googlechromeMatch0.3.154.0

googlechromeMatch0.3.154.3

googlechromeMatch0.4.154.18

googlechromeMatch0.4.154.22

googlechromeMatch0.4.154.31

googlechromeMatch0.4.154.33

googlechromeMatch1.0.154.36

googlechromeMatch1.0.154.39

googlechromeMatch1.0.154.42

googlechromeMatch1.0.154.43

googlechromeMatch1.0.154.46

googlechromeMatch1.0.154.48

googlechromeMatch1.0.154.52

googlechromeMatch1.0.154.53

googlechromeMatch1.0.154.59

googlechromeMatch1.0.154.65

googlechromeMatch2.0.156.1

googlechromeMatch2.0.157.0

googlechromeMatch2.0.157.2

googlechromeMatch2.0.158.0

googlechromeMatch2.0.159.0

googlechromeMatch2.0.169.0

googlechromeMatch2.0.169.1

googlechromeMatch2.0.170.0

googlechromeMatch2.0.172

googlechromeMatch2.0.172.2

googlechromeMatch2.0.172.8

googlechromeMatch2.0.172.27

googlechromeMatch2.0.172.28

googlechromeMatch2.0.172.30

googlechromeMatch2.0.172.31

googlechromeMatch2.0.172.33

googlechromeMatch2.0.172.37

googlechromeMatch2.0.172.38

googlechromeMatch3.0.182.2

googlechromeMatch3.0.190.2

googlechromeMatch3.0.193.2beta

googlechromeMatch3.0.195.21

googlechromeMatch3.0.195.24

googlechromeMatch3.0.195.32

googlechromeMatch3.0.195.33

VendorProductVersionCPE
googlechrome0.3.154.3cpe:/a:google:chrome:0.3.154.3:::
googlechrome2.0.172.31cpe:/a:google:chrome:2.0.172.31:::
googlechrome0.4.154.33cpe:/a:google:chrome:0.4.154.33:::
googlechrome2.0.157.0cpe:/a:google:chrome:2.0.157.0:::
googlechrome1.0.154.43cpe:/a:google:chrome:1.0.154.43:::
googlechrome2.0.172.38cpe:/a:google:chrome:2.0.172.38:::
googlechrome2.0.170.0cpe:/a:google:chrome:2.0.170.0:::
googlechrome0.4.154.22cpe:/a:google:chrome:0.4.154.22:::
googlechrome2.0.172.30cpe:/a:google:chrome:2.0.172.30:::
googlechrome0.4.154.18cpe:/a:google:chrome:0.4.154.18:::

Vendor	Product	Version	CPE
google	chrome	0.3.154.3	cpe:/a:google:chrome:0.3.154.3:::
google	chrome	2.0.172.31	cpe:/a:google:chrome:2.0.172.31:::
google	chrome	0.4.154.33	cpe:/a:google:chrome:0.4.154.33:::
google	chrome	2.0.157.0	cpe:/a:google:chrome:2.0.157.0:::
google	chrome	1.0.154.43	cpe:/a:google:chrome:1.0.154.43:::
google	chrome	2.0.172.38	cpe:/a:google:chrome:2.0.172.38:::
google	chrome	2.0.170.0	cpe:/a:google:chrome:2.0.170.0:::
google	chrome	0.4.154.22	cpe:/a:google:chrome:0.4.154.22:::
google	chrome	2.0.172.30	cpe:/a:google:chrome:2.0.172.30:::
google	chrome	0.4.154.18	cpe:/a:google:chrome:0.4.154.18:::