Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-2853

Опубликовано: 10 июл. 2013
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Версия до 28.0.1500.70 (включая)
cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.13:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.21:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.24:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.40:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.61:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.62:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.66:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:28.0.1500.68:*:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.00315
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2013-2853

ubuntu
больше 12 лет назад

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

debian логотип

CVE-2013-2853

debian
больше 12 лет назад

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ...

github логотип

GHSA-4w8v-46j6-77cf

github
больше 3 лет назад

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

EPSS

Процентиль: 54%
0.00315
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo