PRIOn knowledge basePRION:CVE-2010-1386

HistoryAug 19, 2010 - 10:00 p.m.

Design/Logic Flaw

2010-08-1922:00:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.4%

JSON

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

CPENameOperatorVersion
webkiteq50173.0.114
webkiteq<= r56187

CPE	Name	Operator	Version
	webkit	eq	50173.0.114
	webkit	eq	<= r56187

References

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/41856

secunia.com/advisories/43068

security-tracker.debian.org/tracker/CVE-2010-1386

trac.webkit.org/changeset/56188

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.securityfocus.com/bid/42500

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

bugs.webkit.org/show_bug.cgi?id=36255

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for PRION:CVE-2010-1386