CVE Vulnerabilities

CVE-2011-3887

Reliance on Cookies without Validation and Integrity Checking

Published: Oct 25, 2011 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

Weakness

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 15.0.874.102 (excluding)
Chromium-browser Ubuntu lucid *
Chromium-browser Ubuntu maverick *
Chromium-browser Ubuntu natty *
Chromium-browser Ubuntu oneiric *
Chromium-browser Ubuntu upstream *
Qt4-x11 Ubuntu lucid *
Qtwebkit-source Ubuntu devel *
Qtwebkit-source Ubuntu esm-apps/xenial *
Qtwebkit-source Ubuntu maverick *
Qtwebkit-source Ubuntu natty *
Qtwebkit-source Ubuntu oneiric *
Qtwebkit-source Ubuntu precise *
Qtwebkit-source Ubuntu quantal *
Qtwebkit-source Ubuntu raring *
Qtwebkit-source Ubuntu saucy *
Qtwebkit-source Ubuntu trusty *
Qtwebkit-source Ubuntu utopic *
Qtwebkit-source Ubuntu vivid *
Qtwebkit-source Ubuntu wily *
Qtwebkit-source Ubuntu xenial *
Qtwebkit-source Ubuntu yakkety *
Webkit Ubuntu hardy *
Webkit Ubuntu lucid *
Webkit Ubuntu maverick *
Webkit Ubuntu natty *
Webkit Ubuntu oneiric *
Webkit Ubuntu precise *
Webkit Ubuntu quantal *
Webkit Ubuntu raring *
Webkit Ubuntu saucy *
Webkitgtk Ubuntu utopic *
Webkitgtk Ubuntu vivid *

Potential Mitigations

References