Vulnerability Details : CVE-2011-3887
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
Products affected by CVE-2011-3887
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3887
0.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3887
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-3887
-
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3887
-
http://code.google.com/p/chromium/issues/detail?id=98407
Inloggen - Google AccountsPermissions Required
-
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/70965
Google Chrome URI security bypass CVE-2011-3887 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://secunia.com/advisories/48288
Sign inThird Party Advisory
-
http://secunia.com/advisories/48377
Sign inThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
Chrome Releases: Chrome Stable ReleaseVendor Advisory
-
http://www.securitytracker.com/id?1026774
Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13179
Repository / Oval RepositoryThird Party Advisory
Jump to