Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-1767
HistorySep 24, 2010 - 12:00 a.m.

CVE-2010-1767

2010-09-2400:00:00
ubuntu.com
ubuntu.com
12

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.0%

Cross-site request forgery (CSRF) vulnerability in
loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as
used in Google Chrome before 4.1.249.1059, allows remote attackers to
hijack the authentication of unspecified victims via a crafted synchronous
preflight XMLHttpRequest operation.

Bugs

Notes

Author Note
jdstrand qt4-x11 unmaintained upstream (see README.webkit for details)
mdeslaur introduced in webkit r47291
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchchromium-browser< 6.0.472.62~r59676-0ubuntu0.10.04.1UNKNOWN
ubuntu9.10noarchwebkit< 1.2.5-0ubuntu0.9.10.1UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.0%