Lucene search

K
nvd[email protected]NVD:CVE-2011-4692
HistoryDec 07, 2011 - 7:55 p.m.

CVE-2011-4692

2011-12-0719:55:03
CWE-264
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.

Affected configurations

NVD
Node
applesafariRange5.1.1
OR
applewebkit
Node
googlechromeRange15

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%