PRIOn knowledge basePRION:CVE-2015-1244

HistoryApr 19, 2015 - 10:59 a.m.

Design/Logic Flaw

2015-04-1910:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.9%

JSON

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.

CPENameOperatorVersion
ubuntu_linuxeq14.10
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
debian_linuxeq8.0
chromele42.0.2311.60

Name	Operator	Version
ubuntu_linux	eq	14.10
ubuntu_linux	eq	14.04
ubuntu_linux	eq	15.04
debian_linux	eq	8.0
chrome	le	42.0.2311.60

References

lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

lists.opensuse.org/opensuse-updates/2015-11/msg00024.html

rhn.redhat.com/errata/RHSA-2015-0816.html

ubuntu.com/usn/usn-2570-1

www.debian.org/security/2015/dsa-3238

www.securitytracker.com/id/1032209

chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010

code.google.com/p/chromium/issues/detail?id=455215

googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

security.gentoo.org/glsa/201506-04

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for PRION:CVE-2015-1244