CVE-2013-2853

2013-07-1000:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

55.3%

JSON

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not
ensure that headers are terminated by \r\n\r\n (carriage return, newline,
carriage return, newline), which allows man-in-the-middle attackers to have
an unspecified impact via vectors that trigger header truncation.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1199644>

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchchromium-browser< 28.0.1500.71-0ubuntu1.12.04.1UNKNOWN
ubuntu12.10noarchchromium-browser< 28.0.1500.71-0ubuntu1.12.10.1UNKNOWN
ubuntu13.04noarchchromium-browser< 28.0.1500.71-0ubuntu1.13.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	chromium-browser	< 28.0.1500.71-0ubuntu1.12.04.1	UNKNOWN
ubuntu	12.10	noarch	chromium-browser	< 28.0.1500.71-0ubuntu1.12.10.1	UNKNOWN
ubuntu	13.04	noarch	chromium-browser	< 28.0.1500.71-0ubuntu1.13.04.1	UNKNOWN