Lucene search

[email protected]CVE-2011-1190

HistoryMar 11, 2011 - 2:01 a.m.

CVE-2011-1190

2011-03-1102:01:19

CWE-200

[email protected]

web.nvd.nist.gov

google chrome

web workers

same origin policy

bypass

cve-2011-1190

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.8%

JSON

The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an “error message leak.”

Affected configurations

NVD

Node

googlechromeRange<10.0.648.127

Node

applesafariRange<5.0.6

appleiphone_osRange<5.0

CPENameOperatorVersion
google:chromegoogle chromelt10.0.648.127

CPE	Name	Operator	Version
google:chrome	google chrome	lt	10.0.648.127

References

code.google.com/p/chromium/issues/detail?id=70336

googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html

lists.apple.com/archives/security-announce/2011//Jul/msg00002.html

lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

support.apple.com/kb/HT4808

support.apple.com/kb/HT4999

www.securityfocus.com/bid/46785

www.vupen.com/english/advisories/2011/0628

exchange.xforce.ibmcloud.com/vulnerabilities/65954

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14398

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2011-1190

cvelist1 nvd1 ubuntucve1 debiancve1 prion1 openvas5 nessus3 securityvulns4