Lucene search

PRIOn knowledge basePRION:CVE-2016-1617

HistoryJan 25, 2016 - 11:59 a.m.

Design/Logic Flaw

2016-01-2511:59:00

PRIOn knowledge base

www.prio-n.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.

CPENameOperatorVersion
chromele47.0.2526.106

CPE	Name	Operator	Version
	chrome	le	47.0.2526.106

References

lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html

rhn.redhat.com/errata/RHSA-2016-0072.html

www.debian.org/security/2016/dsa-3456

www.securityfocus.com/bid/81430

www.securitytracker.com/id/1034801

www.ubuntu.com/usn/USN-2877-1

code.google.com/p/chromium/issues/detail?id=544765

codereview.chromium.org/1455973003

googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html

security.gentoo.org/glsa/201603-09

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for PRION:CVE-2016-1617