Описание
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 61.0.3163.100-0ubuntu1.1378 |
| bionic | released | 61.0.3163.100-0ubuntu1.1378 |
| cosmic | released | 61.0.3163.100-0ubuntu1.1378 |
| devel | released | 61.0.3163.100-0ubuntu1.1378 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [61.0.3163.100-0ubuntu0.14.04.1202]] |
| precise/esm | DNE | |
| trusty | released | 61.0.3163.100-0ubuntu0.14.04.1202 |
| trusty/esm | DNE | trusty was released [61.0.3163.100-0ubuntu0.14.04.1202] |
| upstream | released | 61.0.3163.79 |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [Ubuntu touch end-of-life]] |
| esm-infra/xenial | ignored | Ubuntu touch end-of-life |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [Ubuntu touch end-of-life] |
| upstream | needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
Inappropriate use of www mismatch redirects in browser navigation in G ...
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3