Lucene search

K
nvd[email protected]NVD:CVE-2013-6666
HistoryMar 05, 2014 - 5:11 a.m.

CVE-2013-6666

2014-03-0505:11:22
CWE-264
web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.

Affected configurations

NVD
Node
googlechromeRange33.0.1750.144
OR
googlechromeMatch33.0.1750.0
OR
googlechromeMatch33.0.1750.1
OR
googlechromeMatch33.0.1750.2
OR
googlechromeMatch33.0.1750.3
OR
googlechromeMatch33.0.1750.4
OR
googlechromeMatch33.0.1750.5
OR
googlechromeMatch33.0.1750.6
OR
googlechromeMatch33.0.1750.7
OR
googlechromeMatch33.0.1750.8
OR
googlechromeMatch33.0.1750.9
OR
googlechromeMatch33.0.1750.10
OR
googlechromeMatch33.0.1750.11
OR
googlechromeMatch33.0.1750.12
OR
googlechromeMatch33.0.1750.13
OR
googlechromeMatch33.0.1750.14
OR
googlechromeMatch33.0.1750.15
OR
googlechromeMatch33.0.1750.16
OR
googlechromeMatch33.0.1750.18
OR
googlechromeMatch33.0.1750.19
OR
googlechromeMatch33.0.1750.20
OR
googlechromeMatch33.0.1750.21
OR
googlechromeMatch33.0.1750.22
OR
googlechromeMatch33.0.1750.23
OR
googlechromeMatch33.0.1750.24
OR
googlechromeMatch33.0.1750.25
OR
googlechromeMatch33.0.1750.26
OR
googlechromeMatch33.0.1750.27
OR
googlechromeMatch33.0.1750.28
OR
googlechromeMatch33.0.1750.29
OR
googlechromeMatch33.0.1750.30
OR
googlechromeMatch33.0.1750.31
OR
googlechromeMatch33.0.1750.34
OR
googlechromeMatch33.0.1750.35
OR
googlechromeMatch33.0.1750.36
OR
googlechromeMatch33.0.1750.37
OR
googlechromeMatch33.0.1750.38
OR
googlechromeMatch33.0.1750.39
OR
googlechromeMatch33.0.1750.40
OR
googlechromeMatch33.0.1750.41
OR
googlechromeMatch33.0.1750.42
OR
googlechromeMatch33.0.1750.43
OR
googlechromeMatch33.0.1750.44
OR
googlechromeMatch33.0.1750.45
OR
googlechromeMatch33.0.1750.46
OR
googlechromeMatch33.0.1750.47
OR
googlechromeMatch33.0.1750.48
OR
googlechromeMatch33.0.1750.49
OR
googlechromeMatch33.0.1750.50
OR
googlechromeMatch33.0.1750.51
OR
googlechromeMatch33.0.1750.52
OR
googlechromeMatch33.0.1750.53
OR
googlechromeMatch33.0.1750.54
OR
googlechromeMatch33.0.1750.55
OR
googlechromeMatch33.0.1750.56
OR
googlechromeMatch33.0.1750.57
OR
googlechromeMatch33.0.1750.58
OR
googlechromeMatch33.0.1750.59
OR
googlechromeMatch33.0.1750.60
OR
googlechromeMatch33.0.1750.61
OR
googlechromeMatch33.0.1750.62
OR
googlechromeMatch33.0.1750.63
OR
googlechromeMatch33.0.1750.64
OR
googlechromeMatch33.0.1750.65
OR
googlechromeMatch33.0.1750.66
OR
googlechromeMatch33.0.1750.67
OR
googlechromeMatch33.0.1750.68
OR
googlechromeMatch33.0.1750.69
OR
googlechromeMatch33.0.1750.70
OR
googlechromeMatch33.0.1750.71
OR
googlechromeMatch33.0.1750.73
OR
googlechromeMatch33.0.1750.74
OR
googlechromeMatch33.0.1750.75
OR
googlechromeMatch33.0.1750.76
OR
googlechromeMatch33.0.1750.77
OR
googlechromeMatch33.0.1750.79
OR
googlechromeMatch33.0.1750.80
OR
googlechromeMatch33.0.1750.81
OR
googlechromeMatch33.0.1750.82
OR
googlechromeMatch33.0.1750.83
OR
googlechromeMatch33.0.1750.85
OR
googlechromeMatch33.0.1750.88
OR
googlechromeMatch33.0.1750.89
OR
googlechromeMatch33.0.1750.90
OR
googlechromeMatch33.0.1750.91
OR
googlechromeMatch33.0.1750.92
OR
googlechromeMatch33.0.1750.93
OR
googlechromeMatch33.0.1750.104
OR
googlechromeMatch33.0.1750.106
OR
googlechromeMatch33.0.1750.107
OR
googlechromeMatch33.0.1750.108
OR
googlechromeMatch33.0.1750.109
OR
googlechromeMatch33.0.1750.110
OR
googlechromeMatch33.0.1750.111
OR
googlechromeMatch33.0.1750.112
OR
googlechromeMatch33.0.1750.113
OR
googlechromeMatch33.0.1750.115
OR
googlechromeMatch33.0.1750.116
OR
googlechromeMatch33.0.1750.117
OR
googlechromeMatch33.0.1750.124
OR
googlechromeMatch33.0.1750.125
OR
googlechromeMatch33.0.1750.126
OR
googlechromeMatch33.0.1750.132
OR
googlechromeMatch33.0.1750.133
OR
googlechromeMatch33.0.1750.135
OR
googlechromeMatch33.0.1750.136

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%