Lucene search

[email protected]NVD:CVE-2012-5624

HistoryFeb 24, 2013 - 7:55 p.m.

CVE-2012-5624

2013-02-2419:55:00

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.1%

JSON

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

Affected configurations

NVD

Node

digiaqtRange≤4.8.3

qtqtMatch1.41

qtqtMatch1.42

qtqtMatch1.43

qtqtMatch1.44

qtqtMatch1.45

qtqtMatch2.0.0

qtqtMatch2.0.1

qtqtMatch2.0.2

qtqtMatch3.3.0

qtqtMatch3.3.1

qtqtMatch3.3.2

qtqtMatch3.3.3

qtqtMatch3.3.4

qtqtMatch3.3.5

qtqtMatch3.3.6

qtqtMatch4.0.0

qtqtMatch4.0.1

qtqtMatch4.1.0

qtqtMatch4.1.1

qtqtMatch4.1.2

qtqtMatch4.1.3

qtqtMatch4.1.4

qtqtMatch4.1.5

qtqtMatch4.2.0

qtqtMatch4.2.1

qtqtMatch4.2.3

qtqtMatch4.3.0

qtqtMatch4.3.1

qtqtMatch4.3.2

qtqtMatch4.3.3

qtqtMatch4.3.4

qtqtMatch4.3.5

qtqtMatch4.4.0

qtqtMatch4.4.1

qtqtMatch4.4.2

qtqtMatch4.4.3

qtqtMatch4.5.0

qtqtMatch4.5.1

qtqtMatch4.5.2

qtqtMatch4.5.3

qtqtMatch4.6.0

qtqtMatch4.6.0rc1

qtqtMatch4.6.1

qtqtMatch4.6.2

qtqtMatch4.6.3

qtqtMatch4.6.4

qtqtMatch4.6.5

qtqtMatch4.6.5rc

qtqtMatch4.7.0

qtqtMatch4.7.1

qtqtMatch4.7.2

qtqtMatch4.7.3

qtqtMatch4.7.4

qtqtMatch4.7.5

qtqtMatch4.7.6

qtqtMatch4.7.6rc

qtqtMatch4.8.0

qtqtMatch4.8.1

qtqtMatch4.8.2

Node

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

References

lists.opensuse.org/opensuse-updates/2013-01/msg00034.html

lists.opensuse.org/opensuse-updates/2013-01/msg00045.html

lists.opensuse.org/opensuse-updates/2013-01/msg00048.html

lists.qt-project.org/pipermail/announce/2012-November/000014.html

qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71

secunia.com/advisories/52217

www.openwall.com/lists/oss-security/2012/12/04/8

www.ubuntu.com/usn/USN-1723-1

bugzilla.redhat.com/show_bug.cgi?id=883415

codereview.qt-project.org/#change%2C40034

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.1%

JSON

Related for NVD:CVE-2012-5624

cve1 nessus6 debiancve1 openvas6 cvelist1 fedora3 ubuntucve1 prion1 ubuntu1 securityvulns2