Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2019-0643

Опубликовано: 12 фев. 2019
Источник: msrc
CVSS3: 4.3
EPSS Низкий

Описание

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser.

In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. Additionally, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit the vulnerability. However, in all cases an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site.

The security update addresses the vulnerability by correcting how Microsoft Edge handles cross-origin requests.

FAQ

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems
4487044
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems
4487044
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems
4487044
Security Update
Microsoft Edge (EdgeHTML-based) on Windows Server 2019
4487044
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

N/A

EPSS

Процентиль: 93%
0.09903
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-0643

CVSS3: 4.3
nvd
почти 7 лет назад

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.

github логотип

GHSA-pmjq-g8x2-ph7x

CVSS3: 4.3
github
больше 3 лет назад

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.

fstec логотип

BDU:2019-00806

CVSS3: 4.3
fstec
почти 7 лет назад

Уязвимость браузера Microsoft Edge, связанная с ошибками обработки служебных данных, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

EPSS

Процентиль: 93%
0.09903
Низкий

4.3 Medium

CVSS3