Lucene search

[email protected]NVD:CVE-2011-0778

HistoryFeb 04, 2011 - 6:00 p.m.

CVE-2011-0778

2011-02-0418:00:03

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

Affected configurations

Nvd

Node

googlechromeRange≤9.0.597.83

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::

References

code.google.com/p/chromium/issues/detail?id=59081

googlechromereleases.blogspot.com/2011/02/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

secunia.com/advisories/43368

www.debian.org/security/2011/dsa-2166

www.debian.org/security/2011/dsa-2188

www.vupen.com/english/advisories/2011/0408

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14228

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for NVD:CVE-2011-0778

cvelist2 cve2 ubuntucve2 prion2 debiancve1 nvd1 openvas14 debian4 securityvulns2 nessus10 osv2 freebsd1 ubuntu1 fedora1