Lucene search

[email protected]CVE-2015-1254

HistoryMay 20, 2015 - 10:59 a.m.

CVE-2015-1254

2015-05-2010:59:00

CWE-264

[email protected]

web.nvd.nist.gov

blink

document.cpp

same origin policy

cve-2015-1254

google chrome

remote attack

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.1%

JSON

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq8.0
google:chromegoogle chromele42.0.2311.152

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	8.0
google:chrome	google chrome	le	42.0.2311.152

References

googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

lists.opensuse.org/opensuse-updates/2015-05/msg00091.html

lists.opensuse.org/opensuse-updates/2015-11/msg00015.html

www.debian.org/security/2015/dsa-3267

www.securityfocus.com/bid/74723

www.securitytracker.com/id/1032375

code.google.com/p/chromium/issues/detail?id=444927

security.gentoo.org/glsa/201506-04

src.chromium.org/viewvc/blink?revision=192658&view=revision

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2015-1254

debiancve1 prion1 ubuntucve1 openvas7 nessus9 ubuntu1 archlinux1 threatpost1 debian2 chrome1 securityvulns2 freebsd1 redhat1 mageia1 kaspersky1 osv1 gentoo1