Lucene search

[email protected]NVD:CVE-2015-2330

HistoryMar 10, 2017 - 2:59 a.m.

CVE-2015-2330

2017-03-1002:59:00

CWE-295

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.8%

JSON

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.

Affected configurations

Nvd

Node

webkitgtkwebkitgtkRange≤2.6.5

VendorProductVersionCPE
webkitgtkwebkitgtk*cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
webkitgtk	webkitgtk	*	cpe:2.3:a:webkitgtk:webkitgtk::::::::

References

www.openwall.com/lists/oss-security/2015/03/17/11

www.openwall.com/lists/oss-security/2015/03/18/4

bugs.webkit.org/show_bug.cgi?id=142244

security.gentoo.org/glsa/201706-15

trac.webkit.org/changeset/181074

webkitgtk.org/security/WSA-2015-0002.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.8%

JSON

Related for NVD:CVE-2015-2330

cvelist1 prion1 debiancve1 archlinux2 cve1 ubuntucve1 openvas2 fedora1 nessus4 osv1 gentoo1