Описание
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-2853
- https://code.google.com/p/chromium/issues/detail?id=244260
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033
- http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071
- http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea
- http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=44b400c80726ee5d205a27730a0c846be656a071
- http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f4f9f4948de5a59462e13ad712d7d9117238aeea
- http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
- http://www.debian.org/security/2013/dsa-2724
EPSS
CVE ID
Связанные уязвимости
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ...
EPSS