Lucene search

K
cveAppleCVE-2010-1766
HistoryJul 22, 2010 - 5:42 a.m.

CVE-2010-1766

2010-07-2205:42:55
CWE-189
apple
web.nvd.nist.gov
47
cve-2010-1766
webcore
webkit
websockethandshake
denial of service
memory corruption
remote servers

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

High

EPSS

0.019

Percentile

88.7%

Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.

Affected configurations

Nvd
Node
digiaqtRange4.6.2
OR
webkitwebkitRanger56379
VendorProductVersionCPE
digiaqt*cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*
webkitwebkit*cpe:2.3:a:webkit:webkit:*:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

High

EPSS

0.019

Percentile

88.7%