Lucene search

K
cve[email protected]CVE-2010-0315
HistoryJan 14, 2010 - 7:30 p.m.

CVE-2010-0315

2010-01-1419:30:00
web.nvd.nist.gov
19
webkit
r53607
vulnerability
remote attackers
redirect
url
google chrome
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

8.3

Confidence

High

EPSS

0.055

Percentile

93.3%

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirectโ€™s target URL, for the session of a specific user of a web site, by placing the siteโ€™s URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

Affected configurations

NVD
Node
googlechromeRangeโ‰ค4.0.249.78
OR
googlechromeMatch0.2.149.27
OR
googlechromeMatch0.2.149.29
OR
googlechromeMatch0.2.149.30
OR
googlechromeMatch0.2.152.1
OR
googlechromeMatch0.2.153.1
OR
googlechromeMatch0.3.154.0
OR
googlechromeMatch0.3.154.3
OR
googlechromeMatch0.4.154.18
OR
googlechromeMatch0.4.154.22
OR
googlechromeMatch0.4.154.31
OR
googlechromeMatch0.4.154.33
OR
googlechromeMatch1.0.154.36
OR
googlechromeMatch1.0.154.39
OR
googlechromeMatch1.0.154.42
OR
googlechromeMatch1.0.154.43
OR
googlechromeMatch1.0.154.46
OR
googlechromeMatch1.0.154.48
OR
googlechromeMatch1.0.154.52
OR
googlechromeMatch1.0.154.53
OR
googlechromeMatch1.0.154.59
OR
googlechromeMatch1.0.154.65
OR
googlechromeMatch2.0.156.1
OR
googlechromeMatch2.0.157.0
OR
googlechromeMatch2.0.157.2
OR
googlechromeMatch2.0.158.0
OR
googlechromeMatch2.0.159.0
OR
googlechromeMatch2.0.169.0
OR
googlechromeMatch2.0.169.1
OR
googlechromeMatch2.0.170.0
OR
googlechromeMatch2.0.172
OR
googlechromeMatch2.0.172.2
OR
googlechromeMatch2.0.172.8
OR
googlechromeMatch2.0.172.27
OR
googlechromeMatch2.0.172.28
OR
googlechromeMatch2.0.172.30
OR
googlechromeMatch2.0.172.31
OR
googlechromeMatch2.0.172.33
OR
googlechromeMatch2.0.172.37
OR
googlechromeMatch2.0.172.38
OR
googlechromeMatch3.0.182.2
OR
googlechromeMatch3.0.190.2
OR
googlechromeMatch3.0.193.2beta
OR
googlechromeMatch3.0.195.21
OR
googlechromeMatch3.0.195.24
OR
googlechromeMatch3.0.195.32
OR
googlechromeMatch3.0.195.33
VendorProductVersionCPE
googlechrome0.3.154.3cpe:/a:google:chrome:0.3.154.3:::
googlechrome2.0.172.31cpe:/a:google:chrome:2.0.172.31:::
googlechrome0.4.154.33cpe:/a:google:chrome:0.4.154.33:::
googlechrome2.0.157.0cpe:/a:google:chrome:2.0.157.0:::
googlechrome1.0.154.43cpe:/a:google:chrome:1.0.154.43:::
googlechrome2.0.172.38cpe:/a:google:chrome:2.0.172.38:::
googlechrome2.0.170.0cpe:/a:google:chrome:2.0.170.0:::
googlechrome0.4.154.22cpe:/a:google:chrome:0.4.154.22:::
googlechrome2.0.172.30cpe:/a:google:chrome:2.0.172.30:::
googlechrome0.4.154.18cpe:/a:google:chrome:0.4.154.18:::
Rows per page:
1-10 of 471

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

8.3

Confidence

High

EPSS

0.055

Percentile

93.3%