5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.5%
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in
Google Chrome before 42.0.2311.90 does not replace the ws scheme with the
wss scheme whenever an HSTS Policy is active, which makes it easier for
remote attackers to obtain sensitive information by sniffing the network
for WebSocket traffic.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 43.0.2357.81-0ubuntu0.14.04.1.1089 | UNKNOWN |
ubuntu | 14.10 | noarch | chromium-browser | < 43.0.2357.81-0ubuntu0.14.10.1.1131 | UNKNOWN |
ubuntu | 15.04 | noarch | chromium-browser | < 43.0.2357.81-0ubuntu0.15.04.1.1170 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 43.0.2357.81-0ubuntu1.1179 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.6.5-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | oxide-qt | < 1.6.5-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | oxide-qt | < 1.6.5-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | oxide-qt | < 1.7.7-0ubuntu0.15.04.1~ppa1 | UNKNOWN |
googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010
code.google.com/p/chromium/issues/detail?id=455215
launchpad.net/bugs/cve/CVE-2015-1244
nvd.nist.gov/vuln/detail/CVE-2015-1244
security-tracker.debian.org/tracker/CVE-2015-1244
ubuntu.com/security/notices/USN-2570-1
www.cve.org/CVERecord?id=CVE-2015-1244