Vulnerability Details CVE-2010-0656
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://code.google.com/p/chromium/issues/detail?id=20450
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/41856
- http://secunia.com/advisories/43068
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- http://trac.webkit.org/changeset/51295
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.securityfocus.com/bid/38372
- http://www.ubuntu.com/usn/USN-1006-1
- http://www.vupen.com/english/advisories/2010/2722
- http://www.vupen.com/english/advisories/2011/0212
- http://www.vupen.com/english/advisories/2011/0552
- https://bugs.webkit.org/show_bug.cgi?id=31329
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501
- http://code.google.com/p/chromium/issues/detail?id=20450
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/41856
- http://secunia.com/advisories/43068
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- http://trac.webkit.org/changeset/51295
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.securityfocus.com/bid/38372
- http://www.ubuntu.com/usn/USN-1006-1
- http://www.vupen.com/english/advisories/2010/2722
- http://www.vupen.com/english/advisories/2011/0212
- http://www.vupen.com/english/advisories/2011/0552
- https://bugs.webkit.org/show_bug.cgi?id=31329
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501
Products affected by CVE-2010-0656
-
cpe:2.3:a:apple:webkit:-
-
cpe:2.3:a:apple:webkit:103
-
cpe:2.3:a:apple:webkit:106.2
-
cpe:2.3:a:apple:webkit:124
-
cpe:2.3:a:apple:webkit:125.2
-
cpe:2.3:a:apple:webkit:125.4
-
cpe:2.3:a:apple:webkit:125.5.5
-
cpe:2.3:a:apple:webkit:125.5.7
-
cpe:2.3:a:apple:webkit:254245
-
cpe:2.3:a:apple:webkit:254246
-
cpe:2.3:a:apple:webkit:254248
-
cpe:2.3:a:apple:webkit:254249
-
cpe:2.3:a:apple:webkit:254250
-
cpe:2.3:a:apple:webkit:254251
-
cpe:2.3:a:apple:webkit:254252
-
cpe:2.3:a:apple:webkit:254253
-
cpe:2.3:a:apple:webkit:254254
-
cpe:2.3:a:apple:webkit:254255
-
cpe:2.3:a:apple:webkit:254256
-
cpe:2.3:a:apple:webkit:254257
-
cpe:2.3:a:apple:webkit:254259
-
cpe:2.3:a:apple:webkit:254260
-
cpe:2.3:a:apple:webkit:254262
-
cpe:2.3:a:apple:webkit:254264
-
cpe:2.3:a:apple:webkit:254265
-
cpe:2.3:a:apple:webkit:254266
-
cpe:2.3:a:apple:webkit:254268
-
cpe:2.3:a:apple:webkit:254269
-
cpe:2.3:a:apple:webkit:254271
-
cpe:2.3:a:apple:webkit:254281
-
cpe:2.3:a:apple:webkit:254285
-
cpe:2.3:a:apple:webkit:254286
-
cpe:2.3:a:apple:webkit:254287
-
cpe:2.3:a:apple:webkit:254288
-
cpe:2.3:a:apple:webkit:254290
-
cpe:2.3:a:apple:webkit:254291
-
cpe:2.3:a:apple:webkit:254293
-
cpe:2.3:a:apple:webkit:254294
-
cpe:2.3:a:apple:webkit:254946
-
cpe:2.3:a:apple:webkit:254947
-
cpe:2.3:a:apple:webkit:254948
-
cpe:2.3:a:apple:webkit:254949
-
cpe:2.3:a:apple:webkit:254950
-
cpe:2.3:a:apple:webkit:254951
-
cpe:2.3:a:apple:webkit:254952
-
cpe:2.3:a:apple:webkit:254953
-
cpe:2.3:a:apple:webkit:254954
-
cpe:2.3:a:apple:webkit:254955
-
cpe:2.3:a:apple:webkit:254956
-
cpe:2.3:a:apple:webkit:254957
-
cpe:2.3:a:apple:webkit:254958
-
cpe:2.3:a:apple:webkit:254959
-
cpe:2.3:a:apple:webkit:254960
-
cpe:2.3:a:apple:webkit:254961
-
cpe:2.3:a:apple:webkit:254962
-
cpe:2.3:a:apple:webkit:254963
-
cpe:2.3:a:apple:webkit:254964
-
cpe:2.3:a:apple:webkit:254965
-
cpe:2.3:a:apple:webkit:254969
-
cpe:2.3:a:apple:webkit:254970
-
cpe:2.3:a:apple:webkit:254971
-
cpe:2.3:a:apple:webkit:254975
-
cpe:2.3:a:apple:webkit:254976
-
cpe:2.3:a:apple:webkit:254977
-
cpe:2.3:a:apple:webkit:254978
-
cpe:2.3:a:apple:webkit:254979
-
cpe:2.3:a:apple:webkit:254981
-
cpe:2.3:a:apple:webkit:254982
-
cpe:2.3:a:apple:webkit:312.1
-
cpe:2.3:a:apple:webkit:312.5
-
cpe:2.3:a:apple:webkit:312.5.2
-
cpe:2.3:a:apple:webkit:312.8
-
cpe:2.3:a:apple:webkit:312.8.1
-
cpe:2.3:a:apple:webkit:412
-
cpe:2.3:a:apple:webkit:412.6
-
cpe:2.3:a:apple:webkit:412.7
-
cpe:2.3:a:apple:webkit:413
-
cpe:2.3:a:apple:webkit:416.11
-
cpe:2.3:a:apple:webkit:416.12
-
cpe:2.3:a:apple:webkit:417.10
-
cpe:2.3:a:apple:webkit:417.9
-
cpe:2.3:a:apple:webkit:418
-
cpe:2.3:a:apple:webkit:418.8
-
cpe:2.3:a:apple:webkit:418.9
-
cpe:2.3:a:apple:webkit:418.9.1
-
cpe:2.3:a:apple:webkit:419
-
cpe:2.3:a:apple:webkit:419.2
-
cpe:2.3:a:apple:webkit:419.2.1
-
cpe:2.3:a:apple:webkit:420
-
cpe:2.3:a:apple:webkit:51
-
cpe:2.3:a:apple:webkit:512.11
-
cpe:2.3:a:apple:webkit:512.11.3
-
cpe:2.3:a:apple:webkit:522
-
cpe:2.3:a:apple:webkit:522.10.1
-
cpe:2.3:a:apple:webkit:522.12.1
-
cpe:2.3:a:apple:webkit:522.13.1
-
cpe:2.3:a:apple:webkit:522.8.2
-
cpe:2.3:a:apple:webkit:53524
-
cpe:2.3:a:apple:webkit:85
-
cpe:2.3:a:apple:webkit:85.7
-
cpe:2.3:a:apple:webkit:85.8.2
-
cpe:2.3:a:apple:webkit:85.8.5
-
cpe:2.3:a:google:chrome:0.2.149.27
-
cpe:2.3:a:google:chrome:0.2.149.29
-
cpe:2.3:a:google:chrome:0.2.149.30
-
cpe:2.3:a:google:chrome:0.2.152.1
-
cpe:2.3:a:google:chrome:0.2.153.1
-
cpe:2.3:a:google:chrome:0.3.154.0
-
cpe:2.3:a:google:chrome:0.3.154.3
-
cpe:2.3:a:google:chrome:0.4.154.18
-
cpe:2.3:a:google:chrome:0.4.154.22
-
cpe:2.3:a:google:chrome:0.4.154.31
-
cpe:2.3:a:google:chrome:0.4.154.33
-
cpe:2.3:a:google:chrome:1.0.154.36
-
cpe:2.3:a:google:chrome:1.0.154.39
-
cpe:2.3:a:google:chrome:1.0.154.42
-
cpe:2.3:a:google:chrome:1.0.154.43
-
cpe:2.3:a:google:chrome:1.0.154.46
-
cpe:2.3:a:google:chrome:1.0.154.48
-
cpe:2.3:a:google:chrome:1.0.154.52
-
cpe:2.3:a:google:chrome:1.0.154.53
-
cpe:2.3:a:google:chrome:1.0.154.59
-
cpe:2.3:a:google:chrome:1.0.154.65
-
cpe:2.3:a:google:chrome:2.0.156.1
-
cpe:2.3:a:google:chrome:2.0.157.0
-
cpe:2.3:a:google:chrome:2.0.157.2
-
cpe:2.3:a:google:chrome:2.0.158.0
-
cpe:2.3:a:google:chrome:2.0.159.0
-
cpe:2.3:a:google:chrome:2.0.169.0
-
cpe:2.3:a:google:chrome:2.0.169.1
-
cpe:2.3:a:google:chrome:2.0.170.0
-
cpe:2.3:a:google:chrome:2.0.172
-
cpe:2.3:a:google:chrome:2.0.172.2
-
cpe:2.3:a:google:chrome:2.0.172.27
-
cpe:2.3:a:google:chrome:2.0.172.28
-
cpe:2.3:a:google:chrome:2.0.172.30
-
cpe:2.3:a:google:chrome:2.0.172.31
-
cpe:2.3:a:google:chrome:2.0.172.33
-
cpe:2.3:a:google:chrome:2.0.172.37
-
cpe:2.3:a:google:chrome:2.0.172.38
-
cpe:2.3:a:google:chrome:2.0.172.8
-
cpe:2.3:a:google:chrome:3.0.182.2
-
cpe:2.3:a:google:chrome:3.0.190.2
-
cpe:2.3:a:google:chrome:3.0.193.2
-
cpe:2.3:a:google:chrome:3.0.195.21
-
cpe:2.3:a:google:chrome:3.0.195.24
-
cpe:2.3:a:google:chrome:3.0.195.32
-
cpe:2.3:a:google:chrome:3.0.195.33
-
cpe:2.3:a:google:chrome:4.0.244.0
-
cpe:2.3:a:google:chrome:4.0.249.78