Mozilla Foundation, MFSA2007-03
Feb 23, 2007 - 12:00 a.m.

Information disclosure through cache collisions — Mozilla

2007-02-23 00:00:00
Mozilla Foundation
www.mozilla.org

CVSS2: 5.4 Medium

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N

EPSS: 0.018 Low (Percentile: 87.9%)

Aad reported that two web pages can collide in the disk cache, with the result that, depending on the order in which they are loaded, the end of the longer document can be appended to the shorter one when the shorter one is reloaded from the cache. It is possible that a determined hacker could construct a targeted attack to steal some sensitive data from a particular web page (for example, transaction history from a financial account). The potential victim would have to be already logged into the targeted service (or be fooled into doing so) and then visit the malicious site.
