Details of VAR-201102-0350

ID

VAR-201102-0350

CVE

CVE-2011-1059

TITLE

Google Chrome And used in other products WebKit of WebCore Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-004319

DESCRIPTION

Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557. WebKit is prone to a denial-of-service vulnerability. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A use-after-free vulnerability exists in WebCore in WebKit versions prior to r77705 used in Google Chrome versions prior to 11.0.672.2 and others. The vulnerability is related to improper handling of temporary items by the HistoryController component

Trust: 1.98

sources: NVD: CVE-2011-1059 // JVNDB: JVNDB-2011-004319 // BID: 46577 // VULHUB: VHN-49004

AFFECTED PRODUCTS

vendor:	google	model:	chrome	scope:	lt	version:	11.0.672.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	11.0.672.2 products	Trust: 0.8
vendor:	apple	model:	webkit	scope:	lt	version:	r77705	Trust: 0.8
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.36	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.45	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.41	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.46	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.40	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.42	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.4	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.204	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.44	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.18	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.x	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2-1	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	ne	version:	-	Trust: 0.3
vendor:	google	model:	chrome	scope:	ne	version:	11.0.672.2	Trust: 0.3

sources: BID: 46577 // JVNDB: JVNDB-2011-004319 // CNNVD: CNNVD-201102-320 // NVD: CVE-2011-1059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-1059
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-1059
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201102-320
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-49004
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-1059
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-49004
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-49004 // JVNDB: JVNDB-2011-004319 // CNNVD: CNNVD-201102-320 // NVD: CVE-2011-1059

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-49004 // JVNDB: JVNDB-2011-004319 // NVD: CVE-2011-1059

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201102-320

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201102-320

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004319

PATCH

title:	52819	url:	https://bugs.webkit.org/show_bug.cgi?id=52819	Trust: 0.8
title:	Dev Channel Update	url:	http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html	Trust: 0.8
title:	bug-52819-20110204143234	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39484	Trust: 0.6
title:	bug-52819-20110203154913	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39483	Trust: 0.6
title:	bug-52819-20110202180818	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39482	Trust: 0.6
title:	bug-52819-20110201190219	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39481	Trust: 0.6
title:	bug-52819-20110121140238	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39480	Trust: 0.6

sources: JVNDB: JVNDB-2011-004319 // CNNVD: CNNVD-201102-320

EXTERNAL IDS

db:	NVD	id:	CVE-2011-1059	Trust: 2.8
db:	BID	id:	46577	Trust: 2.0
db:	JVNDB	id:	JVNDB-2011-004319	Trust: 0.8
db:	CNNVD	id:	CNNVD-201102-320	Trust: 0.6
db:	VULHUB	id:	VHN-49004	Trust: 0.1

sources: VULHUB: VHN-49004 // BID: 46577 // JVNDB: JVNDB-2011-004319 // CNNVD: CNNVD-201102-320 // NVD: CVE-2011-1059

REFERENCES

url:	http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html	Trust: 2.0
url:	http://trac.webkit.org/changeset/77705	Trust: 2.0
url:	http://www.securityfocus.com/bid/46577	Trust: 1.7
url:	http://code.google.com/p/chromium/issues/detail?id=70315	Trust: 1.7
url:	https://bugs.webkit.org/show_bug.cgi?id=52819	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13943	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/65714	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1059	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1059	Trust: 0.8
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-49004 // BID: 46577 // JVNDB: JVNDB-2011-004319 // CNNVD: CNNVD-201102-320 // NVD: CVE-2011-1059

CREDITS

WebKit

Trust: 0.3

sources: BID: 46577

SOURCES

db:	VULHUB	id:	VHN-49004
db:	BID	id:	46577
db:	JVNDB	id:	JVNDB-2011-004319
db:	CNNVD	id:	CNNVD-201102-320
db:	NVD	id:	CVE-2011-1059

LAST UPDATE DATE

2025-04-11T22:50:10.699000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-49004	date:	2020-06-03T00:00:00
db:	BID	id:	46577	date:	2011-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2011-004319	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201102-320	date:	2020-06-04T00:00:00
db:	NVD	id:	CVE-2011-1059	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-49004	date:	2011-02-22T00:00:00
db:	BID	id:	46577	date:	2011-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2011-004319	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201102-320	date:	2011-02-23T00:00:00
db:	NVD	id:	CVE-2011-1059	date:	2011-02-22T19:00:02.973