CVE-2011-3236

2011-10-1200:00:00

ubuntu.com

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.1%

JSON

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via vectors related to iTunes Store
browsing, a different vulnerability than other CVEs listed in
APPLE-SA-2011-10-11-1.

Notes

Author	Note
jdstrand	qt4-x11 unmaintained upstream (see README.webkit for details)
sbeattie	iTunes Store specific?
jdstrand	marking chromium-browser as fixed since it has 22+ on all releases and they sync with upstream webkit every few weeks

OSVersionArchitecturePackageVersionFilename
ubuntuupstreamnoarchqt4-x11< anyUNKNOWN
ubuntuupstreamnoarchqtwebkit-source< anyUNKNOWN
ubuntuupstreamnoarchwebkitgtk< anyUNKNOWN
ubuntu11.10noarchchromium-browser< 22.0UNKNOWN
ubuntu12.04noarchchromium-browser< 22.0UNKNOWN
ubuntu12.10noarchchromium-browser< 22.0UNKNOWN
ubuntu13.04noarchchromium-browser< 22.0UNKNOWN
ubuntu13.10noarchchromium-browser< 22.0UNKNOWN
ubuntu14.04noarchchromium-browser< 22.0UNKNOWN
ubuntu14.10noarchchromium-browser< 22.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	upstream	noarch	qt4-x11	< any	UNKNOWN
ubuntu	upstream	noarch	qtwebkit-source	< any	UNKNOWN
ubuntu	upstream	noarch	webkitgtk	< any	UNKNOWN
ubuntu	11.10	noarch	chromium-browser	< 22.0	UNKNOWN
ubuntu	12.04	noarch	chromium-browser	< 22.0	UNKNOWN
ubuntu	12.10	noarch	chromium-browser	< 22.0	UNKNOWN
ubuntu	13.04	noarch	chromium-browser	< 22.0	UNKNOWN
ubuntu	13.10	noarch	chromium-browser	< 22.0	UNKNOWN
ubuntu	14.04	noarch	chromium-browser	< 22.0	UNKNOWN
ubuntu	14.10	noarch	chromium-browser	< 22.0	UNKNOWN