[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-6251Date: (C)2019-01-15   (M)2023-12-22


WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score : 5.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 5.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
https://seclists.org/bugtraq/2019/Apr/21
FEDORA-2019-432b3dff25
FEDORA-2019-74f7603660
FEDORA-2019-77433fc7f3
FEDORA-2019-b3ad0a302b
FEDORA-2019-d9a15be3ba
GLSA-201909-05
USN-3948-1
http://www.openwall.com/lists/oss-security/2019/04/11/1
http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html
https://bugs.webkit.org/show_bug.cgi?id=194208
https://gitlab.gnome.org/GNOME/epiphany/issues/532
https://trac.webkit.org/changeset/243434
openSUSE-SU-2019:1374
openSUSE-SU-2019:1391

CPE    3
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/a:webkitgtk:webkitgtk
cpe:/a:gnome:epiphany
OVAL    15
oval:org.secpod.oval:def:89003460
oval:org.secpod.oval:def:54511
oval:org.secpod.oval:def:66422
oval:org.secpod.oval:def:89050862
...

© SecPod Technologies