Lucene search

MitreCVE-2011-1059

HistoryFeb 22, 2011 - 7:00 p.m.

CVE-2011-1059

2011-02-2219:00:02

CWE-416

mitre

web.nvd.nist.gov

cve-2011-1059

use-after-free

webcore

webkit

google chrome

vulnerability

denial of service

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.

Affected configurations

Nvd

Node

googlechromeRange<11.0.672.2

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::

References

code.google.com/p/chromium/issues/detail?id=70315

googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html

trac.webkit.org/changeset/77705

www.securityfocus.com/bid/46577

bugs.webkit.org/show_bug.cgi?id=52819

exchange.xforce.ibmcloud.com/vulnerabilities/65714

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13943

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Related for CVE-2011-1059