admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-16xx/CVE-2016-1697.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

228 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-1697",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2016-06-05T23:59:27.213",
"lastModified": "2018-10-30T16:27:35.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code."
},
{
"lang": "es",
"value": "La funci\u00f3nFrameLoader::startLoad en WebKit/Source/core/loader/FrameLoader.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.2704.79, no impide marcos de navegaci\u00f3n durante las operaciones de separaci\u00f3n DocumentLoader, lo que permite a atacantes remotos eludir la Same Origin Policy a trav\u00e9s de c\u00f3digo JavaScript manipulado."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndIncluding": "51.0.2704.63",
"matchCriteriaId": "5632B7FF-1930-4ADF-BBA1-C11FD636C7E7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9"
}
]
}
]
}
],
"references": [
{
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"source": "cve-coordination@google.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html",
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html",
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html",
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2016/dsa-3594",
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securitytracker.com/id/1036026",
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2992-1",
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1201",
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://codereview.chromium.org/2021373003",
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://crbug.com/613266",
"source": "cve-coordination@google.com",
"tags": [
"Permissions Required"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink