Executive Summary
Summary | |
---|---|
Title | HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected |
Informations | |||
---|---|---|---|
Name | VU#905344 | First vendor Publication | 2016-08-15 |
Vendor | VU-CERT | Last vendor Modification | 2016-10-20 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#905344HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protectedOverviewHTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally requested domain. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThanks to Jerry Decime for reporting these vulnerabilities. This document was written by Joel Land. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/905344 |
Alert History
Date | Informations |
---|---|
2016-10-20 17:22:13 |
|
2016-08-15 21:23:22 |
|