Lucene search

[email protected]CVE-2012-5624

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-5624

2022-10-0316:15:31

CWE-200

[email protected]

web.nvd.nist.gov

cve-2012-5624

xmlhttprequest object

http redirection

file scheme

man-in-the-middle attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.1%

JSON

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

Affected configurations

NVD

Node

digiaqtRange≤4.8.3

qtqtMatch1.41

qtqtMatch1.42

qtqtMatch1.43

qtqtMatch1.44

qtqtMatch1.45

qtqtMatch2.0.0

qtqtMatch2.0.1

qtqtMatch2.0.2

qtqtMatch3.3.0

qtqtMatch3.3.1

qtqtMatch3.3.2

qtqtMatch3.3.3

qtqtMatch3.3.4

qtqtMatch3.3.5

qtqtMatch3.3.6

qtqtMatch4.0.0

qtqtMatch4.0.1

qtqtMatch4.1.0

qtqtMatch4.1.1

qtqtMatch4.1.2

qtqtMatch4.1.3

qtqtMatch4.1.4

qtqtMatch4.1.5

qtqtMatch4.2.0

qtqtMatch4.2.1

qtqtMatch4.2.3

qtqtMatch4.3.0

qtqtMatch4.3.1

qtqtMatch4.3.2

qtqtMatch4.3.3

qtqtMatch4.3.4

qtqtMatch4.3.5

qtqtMatch4.4.0

qtqtMatch4.4.1

qtqtMatch4.4.2

qtqtMatch4.4.3

qtqtMatch4.5.0

qtqtMatch4.5.1

qtqtMatch4.5.2

qtqtMatch4.5.3

qtqtMatch4.6.0

qtqtMatch4.6.0rc1

qtqtMatch4.6.1

qtqtMatch4.6.2

qtqtMatch4.6.3

qtqtMatch4.6.4

qtqtMatch4.6.5

qtqtMatch4.6.5rc

qtqtMatch4.7.0

qtqtMatch4.7.1

qtqtMatch4.7.2

qtqtMatch4.7.3

qtqtMatch4.7.4

qtqtMatch4.7.5

qtqtMatch4.7.6

qtqtMatch4.7.6rc

qtqtMatch4.8.0

qtqtMatch4.8.1

qtqtMatch4.8.2

Node

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

CPENameOperatorVersion
digia:qtdigia qtle4.8.3
qt:qtqteq1.41
qt:qtqteq1.42
qt:qtqteq1.43
qt:qtqteq1.44
qt:qtqteq1.45
qt:qtqteq2.0.0
qt:qtqteq2.0.1
qt:qtqteq2.0.2
qt:qtqteq3.3.0