CVE-2010-0656

2010-02-1818:00:00

CWE-200

[email protected]

web.nvd.nist.gov

webkit

vulnerability

directory listing

local html document

cve-2010-0656

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.6%

JSON

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.

CPENameOperatorVersion
apple:webkitapple webkitler51280
google:chromegoogle chromele4.0.249.78
google:chromegoogle chromeeq0.2.149.27
google:chromegoogle chromeeq0.2.149.29
google:chromegoogle chromeeq0.2.149.30
google:chromegoogle chromeeq0.2.152.1
google:chromegoogle chromeeq0.2.153.1
google:chromegoogle chromeeq0.3.154.0
google:chromegoogle chromeeq0.3.154.3
google:chromegoogle chromeeq0.4.154.18

CPE	Name	Operator	Version
apple:webkit	apple webkit	le	r51280
google:chrome	google chrome	le	4.0.249.78
google:chrome	google chrome	eq	0.2.149.27
google:chrome	google chrome	eq	0.2.149.29
google:chrome	google chrome	eq	0.2.149.30
google:chrome	google chrome	eq	0.2.152.1
google:chrome	google chrome	eq	0.2.153.1
google:chrome	google chrome	eq	0.3.154.0
google:chrome	google chrome	eq	0.3.154.3
google:chrome	google chrome	eq	0.4.154.18