Lucene search

K
cve[email protected]CVE-2010-0315
HistoryJan 14, 2010 - 7:30 p.m.

CVE-2010-0315

2010-01-1419:30:00
web.nvd.nist.gov
19
webkit
r53607
vulnerability
remote attackers
redirect
url
google chrome
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.3 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.3%

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirectโ€™s target URL, for the session of a specific user of a web site, by placing the siteโ€™s URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

Affected configurations

NVD
Node
googlechromeRangeโ‰ค4.0.249.78
OR
googlechromeMatch0.2.149.27
OR
googlechromeMatch0.2.149.29
OR
googlechromeMatch0.2.149.30
OR
googlechromeMatch0.2.152.1
OR
googlechromeMatch0.2.153.1
OR
googlechromeMatch0.3.154.0
OR
googlechromeMatch0.3.154.3
OR
googlechromeMatch0.4.154.18
OR
googlechromeMatch0.4.154.22
OR
googlechromeMatch0.4.154.31
OR
googlechromeMatch0.4.154.33
OR
googlechromeMatch1.0.154.36
OR
googlechromeMatch1.0.154.39
OR
googlechromeMatch1.0.154.42
OR
googlechromeMatch1.0.154.43
OR
googlechromeMatch1.0.154.46
OR
googlechromeMatch1.0.154.48
OR
googlechromeMatch1.0.154.52
OR
googlechromeMatch1.0.154.53
OR
googlechromeMatch1.0.154.59
OR
googlechromeMatch1.0.154.65
OR
googlechromeMatch2.0.156.1
OR
googlechromeMatch2.0.157.0
OR
googlechromeMatch2.0.157.2
OR
googlechromeMatch2.0.158.0
OR
googlechromeMatch2.0.159.0
OR
googlechromeMatch2.0.169.0
OR
googlechromeMatch2.0.169.1
OR
googlechromeMatch2.0.170.0
OR
googlechromeMatch2.0.172
OR
googlechromeMatch2.0.172.2
OR
googlechromeMatch2.0.172.8
OR
googlechromeMatch2.0.172.27
OR
googlechromeMatch2.0.172.28
OR
googlechromeMatch2.0.172.30
OR
googlechromeMatch2.0.172.31
OR
googlechromeMatch2.0.172.33
OR
googlechromeMatch2.0.172.37
OR
googlechromeMatch2.0.172.38
OR
googlechromeMatch3.0.182.2
OR
googlechromeMatch3.0.190.2
OR
googlechromeMatch3.0.193.2beta
OR
googlechromeMatch3.0.195.21
OR
googlechromeMatch3.0.195.24
OR
googlechromeMatch3.0.195.32
OR
googlechromeMatch3.0.195.33

References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.3 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.3%