Lucene search

[email protected]CVE-2011-4692

HistoryDec 07, 2011 - 7:55 p.m.

CVE-2011-4692

2011-12-0719:55:03

CWE-264

[email protected]

web.nvd.nist.gov

webkit

apple safari

google chrome

cve-2011-4692

image loading

remote attack

browser cache

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.

Affected configurations

NVD

Node

applesafariRange≤5.1.1

applewebkit

Node

googlechromeRange≤15

CPENameOperatorVersion
apple:safariapple safarile5.1.1
apple:webkitapple webkiteq*

CPE	Name	Operator	Version
apple:safari	apple safari	le	5.1.1
apple:webkit	apple webkit	eq	*

References

lcamtuf.coredump.cx/cachetime/

oxplot.github.com/visipisi/visipisi.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14098

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2011-4692

openvas10 ubuntucve1 cvelist1 nvd1 seebug1 prion1