PRIOn knowledge basePRION:CVE-2014-3166Design/Logic Flaw
6.1 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.5%
The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 7.0 | |
| chrome | lt | 36.0.1985.143 | |
| chrome | lt | 36.0.1985.135 | |
| chrome | lt | 36.0.1985.57 |
References
secunia.com/advisories/59693
secunia.com/advisories/59904
secunia.com/advisories/60685
secunia.com/advisories/60798
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-3039
www.ietf.org/mail-archive/web/tls/current/msg13345.html
www.securityfocus.com/bid/69202
www.securitytracker.com/id/1030732
code.google.com/p/chromium/issues/detail?id=398925
googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html
googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html
googlechromereleases.blogspot.com/2014/08/stable-channel-update.html
src.chromium.org/viewvc/chrome?revision=286598&view=revision
src.chromium.org/viewvc/chrome?revision=288435&view=revision
Related
6.1 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.5%