Lucene search

[email protected]CVE-2011-2845

HistoryOct 25, 2011 - 7:55 p.m.

CVE-2011-2845

2011-10-2519:55:00

CWE-20

[email protected]

web.nvd.nist.gov

google chrome

url bar spoofing

cve-2011-2845

security vulnerability

history data handling

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.6%

JSON

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

Affected configurations

NVD

Node

googlechromeRange<15.0.874.102

Node

applesafariRange<6.0

appleiphone_osRange<6.0

CPENameOperatorVersion
google:chromegoogle chromelt15.0.874.102

CPE	Name	Operator	Version
google:chrome	google chrome	lt	15.0.874.102

References

code.google.com/p/chromium/issues/detail?id=86758

googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

lists.apple.com/archives/security-announce/2012/Jul/msg00000.html

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

support.apple.com/kb/HT5400

support.apple.com/kb/HT5503

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for CVE-2011-2845

ubuntucve1 nvd1 debiancve1 cvelist1 prion1 openvas12 threatpost1 nessus8 chrome1 gentoo1 freebsd1 securityvulns1