Description
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 31.0.1650.63-0ubuntu1~20131204.1 |
| lucid | ignored | end of life |
| precise | released | 31.0.1650.63-0ubuntu0.12.04.1~20131204.1 |
| quantal | released | 31.0.1650.63-0ubuntu0.12.10.1~20131204.1 |
| raring | released | 31.0.1650.63-0ubuntu0.13.04.1~20131204.1 |
| saucy | released | 31.0.1650.63-0ubuntu0.13.10.1~20131204.1 |
| upstream | released | 31.0.1650.48 |
CVSS2: 6.8 Medium