admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-01xx/CVE-2017-0135.json
cad-safe-bot 865d8c9414 Auto-Update: 2025-04-20T02:01:32.812855+00:00
2025-04-20 02:05:18 +00:00

146 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-0135",
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-03-17T00:59:03.790",
"lastModified": "2025-04-20T01:37:25.860",
"vulnStatus": "Deferred",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140."
},
{
"lang": "es",
"value": "Microsoft Edge permite a atacantes remotos eludir la Same Origin Policy para elementos HTML en otros navegadores de windows, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Edge Security Feature Bypass Vulnerability\". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0066 y CVE-2017-0140."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/96656",
"source": "secure@microsoft.com"
},
{
"url": "http://www.securitytracker.com/id/1038006",
"source": "secure@microsoft.com"
},
{
"url": "https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754",
"source": "secure@microsoft.com"
},
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.freebuf.com/articles/web/164871.html",
"source": "secure@microsoft.com"
},
{
"url": "http://www.securityfocus.com/bid/96656",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securitytracker.com/id/1038006",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.freebuf.com/articles/web/164871.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink