Lucene search

K

MitreCVELIST:CVE-2019-11070

HistoryApr 10, 2019 - 8:15 p.m.

CVE-2019-11070

2019-04-1020:15:06

mitre

www.cve.org

1

6.6 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

References

lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html

packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html

www.openwall.com/lists/oss-security/2019/04/11/1

bugs.webkit.org/show_bug.cgi?id=193718

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/

seclists.org/bugtraq/2019/Apr/21

security.gentoo.org/glsa/201909-05

trac.webkit.org/changeset/243197/webkit

usn.ubuntu.com/3948-1/

6.6 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

Related for CVELIST:CVE-2019-11070

veracode1 cve1 nvd1 debiancve1 ubuntucve1 osv3 redhatcve1 alpinelinux1 prion1 nessus21 fedora1 openvas5 ubuntu1 suse2 gentoo1 freebsd1 rocky1 redhat3 oraclelinux1 amazon1 centos1