Sign-up

ID

VAR-201108-0280


CVE

CVE-2011-2805


TITLE

Google Chrome Vulnerabilities that bypass the same origin policy

Trust: 0.8

sources: JVNDB: JVNDB-2011-002976

DESCRIPTION

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 13.0.782.107 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-4 Safari 5.1.1 Safari 5.1.1 is now available and addresses the following: Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a malicious website may cause the execution of arbitrary Javascript in the context of installed Safari Extensions Description: A directory traversal issue existed in the handling of safari-extension:// URLs. Visiting a malicious website may cause execution of arbitrary Javascript in the context of installed Safari Extensions, which may have context-dependent ramifications including files from the user's system being sent to a remote server. CVE-ID CVE-2011-3229 : Aaron Sigel of vtty.com Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2 Impact: Visiting a malicious website may lead to arbitrary code execution Description: A policy issue existed in the handling of file:// URLs. This issue does not affect Windows systems. CVE-ID CVE-2011-3230 : Aaron Sigel of vtty.com Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Visiting a malicious website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in the handling of SSL certificates. This issue does not affect OS X Lion systems or Windows systems. CVE-ID CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator Laboratory WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team CVE-2011-2341 : Apple CVE-2011-2351 : miaubiz CVE-2011-2352 : Apple CVE-2011-2354 : Apple CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2011-2359 : miaubiz CVE-2011-2788 : Mikolaj Malecki of Samsung CVE-2011-2790 : miaubiz CVE-2011-2792 : miaubiz CVE-2011-2797 : miaubiz CVE-2011-2799 : miaubiz CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-2811 : Apple CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2815 : SkyLined of Google Chrome Security Team CVE-2011-2816 : Apple CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2818 : Martin Barbella CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google CVE-2011-2823 : SkyLined of Google Chrome Security Team CVE-2011-2827 : miaubiz CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-3232 : Aki Helin of OUSPG CVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development community, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3234 : miaubiz CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3238 : Martin Barbella CVE-2011-3239 : Slawomir Blazek CVE-2011-3241 : Apple WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to track the URLs that a user visits within a frame Description: A cross-origin issue existed in the handling of the beforeload event. CVE-ID CVE-2011-2800 : Juho Nurminen WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of the window.open method. CVE-ID CVE-2011-2805 : Sergey Glazunov WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of the document.documentURI property. CVE-ID CVE-2011-2819 : Sergey Glazunov WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of inactive DOM windows. CVE-ID CVE-2011-3243 : Sergey Glazunov WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2 Impact: In Private Browsing mode, cookies may be set even if "Block cookies" is set to "Always" Description: A logic issue existed in the handling of cookies in Private Browsing mode. This issue does not affect Windows systems. CVE-ID CVE-2011-3242 : John Adamczyk Safari 5.1.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari for OS X Lion v10.7.2 The download file is named: Safari5.1.1Lion.dmg Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5 Safari for Mac OS X v10.6.8 The download file is named: Safari5.1.1SnowLeopard.dmg Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37 Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10 Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15 Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42 J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz 6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT 5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM= =ZXdu -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2011-2805 // JVNDB: JVNDB-2011-002976 // BID: 48960 // VULHUB: VHN-50750 // PACKETSTORM: 105739

AFFECTED PRODUCTS

vendor:googlemodel:chromescope:ltversion:13.0.782.107

Trust: 1.8

vendor:applemodel:safariscope:eqversion:5.1

Trust: 1.1

vendor:applemodel:safariscope:ltversion:5.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:5.0

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:12.0.742.100

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7.2

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.0 to 4.3.5 (iphone 3gs and iphone 4)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.1 to 4.3.5 (ipod touch (3rd generation) after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.2 to 4.3.5 (ipad for )

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:googlemodel:chromescope:eqversion:12.0.742.124

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.122

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.114

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.113

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.105

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.121

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.115

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.123

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.120

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:8.0.552.220

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.101

Trust: 0.3

vendor:srwaremodel:ironscope:neversion:13.0.800.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:9.0.597.94

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.57

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.223

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.303

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.20

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.43

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.300

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.203

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.105

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.211

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.18

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.221

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.104

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.12

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.213

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.306

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.102

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.204

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.307

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.551.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.208

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.128

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.19

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.301

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:11.0.700.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.14

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.15

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.205

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.16

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.17

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.204

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.222

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.215

Trust: 0.3

vendor:applemodel:iosscope:neversion:5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.127

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.65

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.225

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.21

Trust: 0.3

vendor:googlemodel:chromescope:neversion:13.0.782.107

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:9.0.597.107

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.302

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.219

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.310

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.218

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.103

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.217

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:13.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.224

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12.0.742.112

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.71

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.100

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.13

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12.0.742.91

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.308

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:9.0.597.84

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.210

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.550.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:11.0.700.2

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.77

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.309

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.214

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.209

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.202

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.226

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.551.1

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.201

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.11

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.68

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.672.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.549.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:11.0.700.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.304

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.2

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.207

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.212

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.305

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.216

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.237

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.344

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.206

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.133

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.205

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.200

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:11.0.700.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

sources: BID: 48960 // JVNDB: JVNDB-2011-002976 // CNNVD: CNNVD-201108-055 // NVD: CVE-2011-2805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2805
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-2805
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201108-055
value: HIGH

Trust: 0.6

VULHUB: VHN-50750
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-2805
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2011-2805
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-50750
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-50750 // JVNDB: JVNDB-2011-002976 // CNNVD: CNNVD-201108-055 // NVD: CVE-2011-2805

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-50750 // JVNDB: JVNDB-2011-002976 // NVD: CVE-2011-2805

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201108-055

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201108-055

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-002976

PATCH
title:HT5000url:http://support.apple.com/kb/HT5000
Trust: 0.8
title:HT4999url:http://support.apple.com/kb/HT4999
Trust: 0.8
title:Google Chromeurl:http://www.google.co.jp/chrome/
Trust: 0.8
title:stable-channel-updateurl:http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
Trust: 0.8
title:Google Chrome Same-origin policy bypasses bug fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119164
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-002976 // 
            
            
            
            CNNVD: CNNVD-201108-055

EXTERNAL IDS
db:NVDid:CVE-2011-2805
Trust: 2.9
db:OSVDBid:74257
Trust: 1.7
db:JVNDBid:JVNDB-2011-002976
Trust: 0.8
db:CNNVDid:CNNVD-201108-055
Trust: 0.7
db:BIDid:48960
Trust: 0.3
db:VULHUBid:VHN-50750
Trust: 0.1
db:PACKETSTORMid:105739
Trust: 0.1
sources:
            
            
            VULHUB: VHN-50750 // 
            
            
            
            BID: 48960 // 
            
            
            
            JVNDB: JVNDB-2011-002976 // 
            
            
            
            PACKETSTORM: 105739 // 
            
            
            
            CNNVD: CNNVD-201108-055 // 
            
            
            
            NVD: CVE-2011-2805

REFERENCES
url:http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2011//oct/msg00004.html
Trust: 1.7
url:http://code.google.com/p/chromium/issues/detail?id=89520
Trust: 1.7
url:http://support.apple.com/kb/ht4999
Trust: 1.7
url:http://support.apple.com/kb/ht5000
Trust: 1.7
url:http://osvdb.org/74257
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14583
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/68967
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2805
Trust: 0.8
url:http://jvn.jp/cert/jvnvu177979
Trust: 0.8
url:http://jvn.jp/cert/jvnvu585859
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2805
Trust: 0.8
url:http://www.google.com/chrome
Trust: 0.3
url:http://www.srware.net/forum/viewtopic.php?f=18&t=2552
Trust: 0.3
url:/archive/1/520068
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2011-2351
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2814
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2792
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2809
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2818
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-1440
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2823
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2815
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2816
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2827
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2352
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2359
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2354
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2799
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2338
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2790
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2797
Trust: 0.1
url:http://www.apple.com/safari/download/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2356
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2805
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2800
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2339
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2813
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2817
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2788
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2819
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2341
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2820
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2811
Trust: 0.1
sources:
            
            
            VULHUB: VHN-50750 // 
            
            
            
            BID: 48960 // 
            
            
            
            JVNDB: JVNDB-2011-002976 // 
            
            
            
            PACKETSTORM: 105739 // 
            
            
            
            CNNVD: CNNVD-201108-055 // 
            
            
            
            NVD: CVE-2011-2805

CREDITS
Sergey Glazunov, miaubiz, Martin Barbella, kuzzcc, Evan Martin of the Chromium development community, Olli Pettay of Mozilla, Mikolaj Malecki, Mario Gomes, Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences, Shih Wei-Long, Google
Trust: 0.3
sources:
            
            
            BID: 48960

SOURCES
db:VULHUBid:VHN-50750
db:BIDid:48960
db:JVNDBid:JVNDB-2011-002976
db:PACKETSTORMid:105739
db:CNNVDid:CNNVD-201108-055
db:NVDid:CVE-2011-2805

LAST UPDATE DATE
2025-04-11T20:46:43.203000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-50750date:2020-05-20T00:00:00
db:BIDid:48960date:2012-08-07T23:22:00
db:JVNDBid:JVNDB-2011-002976date:2011-11-21T00:00:00
db:CNNVDid:CNNVD-201108-055date:2020-05-21T00:00:00
db:NVDid:CVE-2011-2805date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-50750date:2011-08-03T00:00:00
db:BIDid:48960date:2011-08-02T00:00:00
db:JVNDBid:JVNDB-2011-002976date:2011-11-21T00:00:00
db:PACKETSTORMid:105739date:2011-10-13T02:39:59
db:CNNVDid:CNNVD-201108-055date:2011-08-03T00:00:00
db:NVDid:CVE-2011-2805date:2011-08-03T00:55:02.520