Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2013-6634

Опубликовано: 07 дек. 2013
Источник: ubuntu
Приоритет: medium
CVSS2: 6.8

Описание

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

РелизСтатусПримечание
devel

not-affected

31.0.1650.63-0ubuntu1~20131204.1
lucid

ignored

end of life
precise

released

31.0.1650.63-0ubuntu0.12.04.1~20131204.1
quantal

released

31.0.1650.63-0ubuntu0.12.10.1~20131204.1
raring

released

31.0.1650.63-0ubuntu0.13.04.1~20131204.1
saucy

released

31.0.1650.63-0ubuntu0.13.10.1~20131204.1
upstream

released

31.0.1650.63

Показывать по

Ссылки на источники

6.8 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2013-6634

nvd
около 12 лет назад

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

debian логотип

CVE-2013-6634

debian
около 12 лет назад

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui ...

github логотип

GHSA-74gf-43jg-q6vr

github
больше 3 лет назад

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

6.8 Medium

CVSS2