Lucene search
HistoryMar 09, 2015 - 12:59 a.m.
CVE-2015-1229
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
61.9%
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
Affected configurations
Node
canonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch14.10
Node
googlechromeRange≤40.0.2214.115
Node
redhatenterprise_linux_desktop_supplementaryMatch6.0
ORredhatenterprise_linux_serverMatch6.0
ORredhatenterprise_linux_server_supplementary_eusMatch6.6.z
ORredhatenterprise_linux_workstation_supplementaryMatch6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 14.10 | cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* |
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| redhat | enterprise_linux_desktop_supplementary | 6.0 | cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server | 6.0 | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server_supplementary_eus | 6.6.z | cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:* |
| redhat | enterprise_linux_workstation_supplementary | 6.0 | cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2015-1229
2015-03-08 00:00:00
cvelist
cvelist
CVE-2015-1229
2015-03-09 00:00:00
prion
prion
Code injection
2015-03-09 00:59:00
debiancve
debiancve
CVE-2015-1229
2015-03-09 00:59:00
cve
cve
CVE-2015-1229
2015-03-09 00:59:22
openvas
openvas
Ubuntu: Security Advisory (USN-2521-1)
2015-03-11 00:00:00
Mageia: Security Advisory (MGASA-2015-0123)
2022-01-28 00:00:00
openSUSE: Security Advisory for Security (openSUSE-SU-2015:0505-1)
2015-03-17 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2521-1)
2015-03-11 00:00:00
RHEL 6 : chromium-browser (RHSA-2015:0627)
2015-03-06 00:00:00
openSUSE Security Update : chromium (openSUSE-2015-228)
2015-03-17 00:00:00
securityvulns
securityvulns
[USN-2521-1] Oxide vulnerabilities
2015-03-23 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2015-03-10 00:00:00
threatpost
threatpost
Google Fixes 51 Bugs in Chrome 41
2015-03-04 13:58:40
redhat
redhat
(RHSA-2015:0627) Important: chromium-browser security update
2015-03-05 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2015-04-01 15:13:37
kaspersky
kaspersky
KLA10463 Multiple vulnerabilities in Google Chrome
2015-03-03 00:00:00
archlinux
archlinux
chromium: multiple issues
2015-03-05 00:00:00
chrome
chrome
Stable Channel Update
2015-03-03 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2015-03-03 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2015-03-22 00:00:00
suse
suse
Security update to Chromium 41.0.2272.76 (important)
2015-03-16 16:05:28
osv
osv
chromedriver-55.0.2883.75-3.1 on GA media
2024-06-15 00:00:00
ungoogled-chromium-113.0.5672.92-1.1 on GA media
2024-06-15 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
61.9%
Related for NVD:CVE-2015-1229