Lucene search

[email protected]NVD:CVE-2015-1254

HistoryMay 20, 2015 - 10:59 a.m.

CVE-2015-1254

2015-05-2010:59:06

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.005

Percentile

75.5%

JSON

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.

Affected configurations

Nvd

Node

debiandebian_linuxMatch8.0

Node

googlechromeRange≤42.0.2311.152

VendorProductVersionCPE
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
google	chrome	*	cpe:2.3:a:google:chrome::::::::

References

googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

lists.opensuse.org/opensuse-updates/2015-05/msg00091.html

lists.opensuse.org/opensuse-updates/2015-11/msg00015.html

www.debian.org/security/2015/dsa-3267

www.securityfocus.com/bid/74723

www.securitytracker.com/id/1032375

code.google.com/p/chromium/issues/detail?id=444927

security.gentoo.org/glsa/201506-04

src.chromium.org/viewvc/blink?revision=192658&view=revision

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.005

Percentile

75.5%

JSON

Related for NVD:CVE-2015-1254

cvelist1 prion1 debiancve1 ubuntucve1 cve1 openvas8 nessus9 ubuntu1 archlinux1 threatpost1 mageia1 debian2 chrome1 redhat1 securityvulns2 freebsd1 osv3 kaspersky1 gentoo1