logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2015-1244

Description

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.


Affected Package


OS OS Version Package Name Package Version
ubuntu 14.04 chromium-browser trusty was released [43.0.2357.81-0ubuntu0.14.04.1.1089]
ubuntu upstream chromium-browser 42.0.2311.90
ubuntu 14.10 chromium-browser 43.0.2357.81-0ubuntu0.14.10.1.1131
ubuntu 15.04 chromium-browser 43.0.2357.81-0ubuntu0.15.04.1.1170
ubuntu 15.10 chromium-browser 43.0.2357.81-0ubuntu1.1179
ubuntu 14.04 oxide-qt trusty was released [1.6.5-0ubuntu0.14.04.1]
ubuntu upstream oxide-qt 1.6.5
ubuntu 14.10 oxide-qt 1.6.5-0ubuntu0.14.10.1
ubuntu 15.04 oxide-qt 1.6.5-0ubuntu0.15.04.1
ubuntu 15.10 oxide-qt 1.7.7-0ubuntu0.15.04.1~ppa1

Related