CVE-2017-5042

Sažetak

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

Reference

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/201704-02
https://crbug.com/671932
http://www.debian.org/security/2017/dsa-3810
http://www.securityfocus.com/bid/96767
http://rhn.redhat.com/errata/RHSA-2017-0499.html

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:48

Objavljeno

24-04-2017 - 23:59