Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-4692 | First vendor Publication | 2011-12-07 |
Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4692 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14098 | |||
Oval ID: | oval:org.mitre.oval:def:14098 | ||
Title: | WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | ||
Description: | WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4692 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Apple Safari Google Chrome |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-12-09 | Name : Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X) File : nvt/gb_apple_safari_webkit_info_disc_vuln_macosx.nasl |
2011-12-09 | Name : Apple Safari WebKit Information Disclosure Vulnerability (Windows) File : nvt/gb_apple_safari_webkit_info_disc_vuln_win.nasl |
2011-12-09 | Name : Google Chrome Cache History Information Disclosure Vulnerabilities (Linux) File : nvt/gb_google_chrome_cache_history_info_disc_vuln_lin.nasl |
2011-12-09 | Name : Google Chrome Cache History Information Disclosure Vulnerabilities (Mac OS X) File : nvt/gb_google_chrome_cache_history_info_disc_vuln_macosx.nasl |
2011-12-09 | Name : Google Chrome Cache History Information Disclosure Vulnerabilities (Windows) File : nvt/gb_google_chrome_cache_history_info_disc_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77621 | Google Chrome WebKit Cache Objects Image Handling Browsing History Disclosure |
77618 | Apple Safari WebKit Cache Objects Image Handling Browsing History Disclosure |
Sources (Detail)
Source | Url |
---|---|
MISC | http://lcamtuf.coredump.cx/cachetime/ http://oxplot.github.com/visipisi/visipisi.html |
OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
Alert History
Date | Informations |
---|---|
2021-05-05 01:09:33 |
|
2021-05-04 12:17:57 |
|
2021-04-22 01:21:15 |
|
2021-04-10 12:08:42 |
|
2020-09-29 01:07:43 |
|
2020-05-23 01:47:38 |
|
2020-05-23 00:32:19 |
|
2017-11-29 12:04:26 |
|
2017-11-23 12:04:28 |
|
2017-09-19 09:25:06 |
|
2016-04-26 21:16:22 |
|
2013-05-10 23:11:30 |
|