nvd-json-data-feeds/CVE-2015/CVE-2015-12xx/CVE-2015-1254.json

{
  "id": "CVE-2015-1254",
  "sourceIdentifier": "cve-coordination@google.com",
  "published": "2015-05-20T10:59:06.650",
  "lastModified": "2017-01-03T02:59:46.973",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing."
    },
    {
      "lang": "es",
      "value": "core/dom/Document.cpp en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, habilita la herencia del atributo designMode, lo que permite a atacantes remotos evadir Same Origin Policy mediante el aprovechamiento de la disponibilidad de la edici\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "42.0.2311.152",
              "matchCriteriaId": "6F238C75-E24A-406F-BEB5-8758C8FE9603"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html",
      "source": "cve-coordination@google.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html",
      "source": "cve-coordination@google.com"
    },
    {
      "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html",
      "source": "cve-coordination@google.com"
    },
    {
      "url": "http://www.debian.org/security/2015/dsa-3267",
      "source": "cve-coordination@google.com"
    },
    {
      "url": "http://www.securityfocus.com/bid/74723",
      "source": "cve-coordination@google.com"
    },
    {
      "url": "http://www.securitytracker.com/id/1032375",
      "source": "cve-coordination@google.com"
    },
    {
      "url": "https://code.google.com/p/chromium/issues/detail?id=444927",
      "source": "cve-coordination@google.com"
    },
    {
      "url": "https://security.gentoo.org/glsa/201506-04",
      "source": "cve-coordination@google.com"
    },
    {
      "url": "https://src.chromium.org/viewvc/blink?revision=192658&view=revision",
      "source": "cve-coordination@google.com"
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2015-1254",`
			`"sourceIdentifier": "cve-coordination@google.com",`
			`"published": "2015-05-20T10:59:06.650",`
			`"lastModified": "2017-01-03T02:59:46.973",`
			`"vulnStatus": "Modified",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "core/dom/Document.cpp en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, habilita la herencia del atributo designMode, lo que permite a atacantes remotos evadir Same Origin Policy mediante el aprovechamiento de la disponibilidad de la edici\u00f3n."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "PARTIAL",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.0`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-264"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:debian:debian_linux:8.0:::::::*",`
			`"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:google:chrome::::::::",`
			`"versionEndIncluding": "42.0.2311.152",`
			`"matchCriteriaId": "6F238C75-E24A-406F-BEB5-8758C8FE9603"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html",`
			`"source": "cve-coordination@google.com",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html",`
			`"source": "cve-coordination@google.com"`
			`},`
			`{`
			`"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html",`
			`"source": "cve-coordination@google.com"`
			`},`
			`{`
			`"url": "http://www.debian.org/security/2015/dsa-3267",`
			`"source": "cve-coordination@google.com"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/74723",`
			`"source": "cve-coordination@google.com"`
			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1032375",`
			`"source": "cve-coordination@google.com"`
			`},`
			`{`
			`"url": "https://code.google.com/p/chromium/issues/detail?id=444927",`
			`"source": "cve-coordination@google.com"`
			`},`
			`{`
			`"url": "https://security.gentoo.org/glsa/201506-04",`
			`"source": "cve-coordination@google.com"`
			`},`
			`{`
			`"url": "https://src.chromium.org/viewvc/blink?revision=192658&view=revision",`
			`"source": "cve-coordination@google.com"`
			`}`
			`]`
			`}`