Описание
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | ignored | uses its own embedded webkit |
| hardy | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | no webkit |
| devel | not-affected | webkit isn't built |
| hardy | not-affected | no webkit |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | not-affected | webkit isn't built |
| natty | not-affected | webkit isn't built |
| oneiric | not-affected | webkit isn't built |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.2.4-1ubuntu1 |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | released | 1.2.5-0ubuntu0.9.10.1 |
| lucid | released | 1.2.5-0ubuntu0.10.04.1 |
| maverick | not-affected | 1.2.4-1ubuntu1 |
| natty | not-affected | 1.2.4-1ubuntu1 |
| oneiric | not-affected | 1.2.4-1ubuntu1 |
| upstream | released | 1.2.3 |
Показывать по
10 Critical
CVSS2
Связанные уязвимости
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementati ...
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
10 Critical
CVSS2