ID

VAR-201109-0209


CVE

CVE-2011-2855


TITLE

Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-002656

DESCRIPTION

Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node.". Used in multiple products Webkit There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible. Versions prior to Chrome 14.0.835.163 are vulnerable. Google Chrome is a web browser developed by Google (Google). These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed through an improved domain name validity check. This issue does not affect OS X systems. Third-party websites could set cookies if the "Block Cookies" preference in Safari was set to the default setting of "From third parties and advertisers". CVE-ID CVE-2012-0640 : nshah WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3, Windows 7, Vista, XP SP2 or later Impact: HTTP authentication credentials may be inadvertently disclosed to another site Description: If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-03-07-2 iOS 5.1 Software Update iOS 5.1 Software Update is now available and addresses the following: CFNetwork Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. CVE-ID CVE-2012-0641 : Erling Ellingsen of Facebook HFS Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution Description: An integer underflow existed with the handling of HFS catalog files. CVE-ID CVE-2012-0642 : pod2g Kernel Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. CVE-ID CVE-2012-0643 : 2012 iOS Jailbreak Dream Team libresolv Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive Passcode Lock Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen. CVE-ID CVE-2012-0644 : Roland Kohler of the German Federal Ministry of Economics and Technology Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Web page visits may be recorded in browser history even when Private Browsing is active Description: Safari's Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active. CVE-ID CVE-2012-0585 : Eric Melville of American Express Siri Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: An attacker with physical access to a locked phone could get access to frontmost email message Description: A design issue existed in Siri's lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen. CVE-ID CVE-2012-0645 VPN Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges Description: A format string vulnerability existed in the handling of racoon configuration files. CVE-ID CVE-2012-0646 : pod2g WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of cookies Description: A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. CVE-ID CVE-2011-3887 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack Description: A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins. CVE-ID CVE-2012-0590 : Adam Barth of Google Chrome Security Team WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: Multiple cross-origin issues existed in WebKit. CVE-ID CVE-2011-3881 : Sergey Glazunov CVE-2012-0586 : Sergey Glazunov CVE-2012-0587 : Sergey Glazunov CVE-2012-0588 : Jochen Eisinger of Google Chrome Team CVE-2012-0589 : Alan Austin of polyvore.com WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-2833 : Apple CVE-2011-2846 : Arthur Gerkis, miaubiz CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP CVE-2011-2857 : miaubiz CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2867 : Dirk Schulze CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2877 : miaubiz CVE-2011-3885 : miaubiz CVE-2011-3888 : miaubiz CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative CVE-2011-3908 : Aki Helin of OUSPG CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2012-0591 : miaubiz, and Martin Barbella CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative CVE-2012-0593 : Lei Zhang of the Chromium development community CVE-2012-0594 : Adam Klein of the Chromium development community CVE-2012-0595 : Apple CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0597 : miaubiz CVE-2012-0598 : Sergey Glazunov CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple CVE-2012-0601 : Apple CVE-2012-0602 : Apple CVE-2012-0603 : Apple CVE-2012-0604 : Apple CVE-2012-0605 : Apple CVE-2012-0606 : Apple CVE-2012-0607 : Apple CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0611 : Martin Barbella using AddressSanitizer CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0615 : Martin Barbella using AddressSanitizer CVE-2012-0616 : miaubiz CVE-2012-0617 : Martin Barbella using AddressSanitizer CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0621 : Martin Barbella using AddressSanitizer CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome Security Team CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0624 : Martin Barbella using AddressSanitizer CVE-2012-0625 : Martin Barbella CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0627 : Apple CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0630 : Sergio Villar Senin of Igalia CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using AddressSanitizer CVE-2012-0633 : Apple CVE-2012-0635 : Julien Chaffraix of the Chromium development community, Martin Barbella using AddressSanitizer Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "5.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq 4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90 HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6 7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY= =qPeE -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: November 01, 2011 Bugs: #351525, #353626, #354121, #356933, #357963, #358581, #360399, #363629, #365125, #366335, #367013, #368649, #370481, #373451, #373469, #377475, #377629, #380311, #380897, #381713, #383251, #385649, #388461 ID: 201111-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code and local root privilege escalation. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 15.0.874.102 >= 15.0.874.102 2 dev-lang/v8 < 3.5.10.22 >= 3.5.10.22 ------------------------------------------------------------------- 2 affected packages ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A local attacker could gain root privileges (CVE-2011-1444, fixed in chromium-11.0.696.57). A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-15.0.874.102" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22" References ========== [ 1 ] CVE-2011-2345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2345 [ 2 ] CVE-2011-2346 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2346 [ 3 ] CVE-2011-2347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2347 [ 4 ] CVE-2011-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2348 [ 5 ] CVE-2011-2349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2349 [ 6 ] CVE-2011-2350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2350 [ 7 ] CVE-2011-2351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2351 [ 8 ] CVE-2011-2834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834 [ 9 ] CVE-2011-2835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2835 [ 10 ] CVE-2011-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2837 [ 11 ] CVE-2011-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2838 [ 12 ] CVE-2011-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2839 [ 13 ] CVE-2011-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2840 [ 14 ] CVE-2011-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2841 [ 15 ] CVE-2011-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2843 [ 16 ] CVE-2011-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2844 [ 17 ] CVE-2011-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2845 [ 18 ] CVE-2011-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2846 [ 19 ] CVE-2011-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2847 [ 20 ] CVE-2011-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2848 [ 21 ] CVE-2011-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2849 [ 22 ] CVE-2011-2850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2850 [ 23 ] CVE-2011-2851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2851 [ 24 ] CVE-2011-2852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2852 [ 25 ] CVE-2011-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2853 [ 26 ] CVE-2011-2854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2854 [ 27 ] CVE-2011-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2855 [ 28 ] CVE-2011-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2856 [ 29 ] CVE-2011-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2857 [ 30 ] CVE-2011-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2858 [ 31 ] CVE-2011-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2859 [ 32 ] CVE-2011-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2860 [ 33 ] CVE-2011-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2861 [ 34 ] CVE-2011-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2862 [ 35 ] CVE-2011-2864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2864 [ 36 ] CVE-2011-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2874 [ 37 ] CVE-2011-3234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3234 [ 38 ] CVE-2011-3873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3873 [ 39 ] CVE-2011-3875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3875 [ 40 ] CVE-2011-3876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3876 [ 41 ] CVE-2011-3877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3877 [ 42 ] CVE-2011-3878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3878 [ 43 ] CVE-2011-3879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3879 [ 44 ] CVE-2011-3880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3880 [ 45 ] CVE-2011-3881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3881 [ 46 ] CVE-2011-3882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3882 [ 47 ] CVE-2011-3883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3883 [ 48 ] CVE-2011-3884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3884 [ 49 ] CVE-2011-3885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3885 [ 50 ] CVE-2011-3886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3886 [ 51 ] CVE-2011-3887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3887 [ 52 ] CVE-2011-3888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3888 [ 53 ] CVE-2011-3889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3889 [ 54 ] CVE-2011-3890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3890 [ 55 ] CVE-2011-3891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3891 [ 56 ] Release Notes 10.0.648.127 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html [ 57 ] Release Notes 10.0.648.133 http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html [ 58 ] Release Notes 10.0.648.205 http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html [ 59 ] Release Notes 11.0.696.57 http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html [ 60 ] Release Notes 11.0.696.65 http://googlechromereleases.blogspot.com/2011/05/beta-and-stable-channel-update.html [ 61 ] Release Notes 11.0.696.68 http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html [ 62 ] Release Notes 11.0.696.71 http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html [ 63 ] Release Notes 12.0.742.112 http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html [ 64 ] Release Notes 12.0.742.91 http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html [ 65 ] Release Notes 13.0.782.107 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html [ 66 ] Release Notes 13.0.782.215 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html [ 67 ] Release Notes 13.0.782.220 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html [ 68 ] Release Notes 14.0.835.163 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html [ 69 ] Release Notes 14.0.835.202 http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html [ 70 ] Release Notes 15.0.874.102 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html [ 71 ] Release Notes 8.0.552.237 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html [ 72 ] Release Notes 9.0.597.107 http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html [ 73 ] Release Notes 9.0.597.84 http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html [ 74 ] Release Notes 9.0.597.94 http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.34

sources: NVD: CVE-2011-2855 // JVNDB: JVNDB-2011-002656 // BID: 49658 // VULHUB: VHN-50800 // PACKETSTORM: 110716 // PACKETSTORM: 110590 // PACKETSTORM: 110591 // PACKETSTORM: 106471

AFFECTED PRODUCTS

vendor:googlemodel:chromescope:ltversion:14.0.835.163

Trust: 1.8

vendor:applemodel:itunesscope:ltversion:10.6

Trust: 1.8

vendor:applemodel:safariscope:ltversion:5.1.4

Trust: 1.8

vendor:applemodel:iphone osscope:ltversion:5.1

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:7.0.512.0

Trust: 0.9

vendor:googlemodel:chromescope:eqversion:7.0.513.0

Trust: 0.9

vendor:googlemodel:chromescope:eqversion:7.0.511.4

Trust: 0.9

vendor:googlemodel:chromescope:eqversion:7.0.511.2

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7.3

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7.3

Trust: 0.8

vendor:applemodel:iosscope:ltversion:5.1 (ipad and ipad 2)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:5.1 (iphone 3gs)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:5.1 (iphone 4)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:5.1 (iphone 4s)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:5.1 (ipod touch (3rd generation) or later )

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:googlemodel:chromescope:eqversion:5.0.350.0

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:6.0.472.18

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:13.0.782.7

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:6.0.472.39

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:5.0.360.4

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:6.0.472.31

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.100

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.539.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.529.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.203

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.105

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.499.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.39

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.507.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.213

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.306

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.530.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.208

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.507.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.18

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.15

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.127

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.225

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.8

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.20

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.535.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.514.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:9.0.597.107

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.219

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.218

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.217

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.27

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.7

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.518.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.38

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.536.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.23

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.77

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.11

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.209

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.226

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.37

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.531.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.26

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13.0.782.112

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.216

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.344

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13.0.782.215

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.200

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.537.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.57

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.303

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.506.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.211

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.18

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.104

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.12

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.503.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.521.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.507.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.520.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.528.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.17

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.35

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.215

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.31

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.498.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.16

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.302

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.310

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.515.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:3.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.34

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.499.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.13

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.1.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.529.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.503.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.24

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.33

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13.0.782.107

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:14

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.202

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.68

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.507.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.36

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.42

Trust: 0.3

vendor:avayamodel:message networking sp1scope:eqversion:5.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.549.0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.207

Trust: 0.3

vendor:googlemodel:chromescope:neversion:14.0.835.163

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.516.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:avayamodel:messaging storage server sp3scope:eqversion:5.2

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.522.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:9.0.597.94

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.223

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.531.0

Trust: 0.3

vendor:applemodel:tvscope:neversion:5.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.536.4

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.28

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.30

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.204

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.2.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.551.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.128

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.19

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.301

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.544.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.500.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.14

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.222

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.65

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.21

Trust: 0.3

vendor:junipermodel:ctpview 7.0r1scope:neversion: -

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.12

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.4

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12.0.742.112

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.100

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.14

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.540.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.542.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.529.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.510.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.547.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.536.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.9

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.7.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.13

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.4

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.551.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.547.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.509.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.40

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.514.1

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.212

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.29

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.206

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.133

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.19

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.25

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.220

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.101

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.2

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.511.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.531.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.20

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.43

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.300

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.7.4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.535.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.10

Trust: 0.3

vendor:avayamodel:aura conferencing sp1 standardscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.1.4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.541.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.221

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.536.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.524.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.102

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.17

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.307

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.205

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.16

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.204

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:iosscope:neversion:5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.526.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.21

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.505.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.497.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:5.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.103

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.224

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.71

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.548.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12.0.742.91

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.308

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:9.0.597.84

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.210

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.550.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.525.0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.500.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.309

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.214

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.201

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.11

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.32

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.22

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.672.2

Trust: 0.3

vendor:applemodel:iosscope:neversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.43

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.504.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.44

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.304

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.305

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:8.0.552.237

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.41

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.1.4

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.205

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.536.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.538.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.519.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.2

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

sources: BID: 49658 // JVNDB: JVNDB-2011-002656 // CNNVD: CNNVD-201109-301 // NVD: CVE-2011-2855

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2855
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-2855
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201109-301
value: HIGH

Trust: 0.6

VULHUB: VHN-50800
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-2855
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2011-2855
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-50800
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-50800 // JVNDB: JVNDB-2011-002656 // CNNVD: CNNVD-201109-301 // NVD: CVE-2011-2855

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-50800 // JVNDB: JVNDB-2011-002656 // NVD: CVE-2011-2855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-301

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201109-301

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002656

PATCH

title:HT5190url:http://support.apple.com/kb/HT5190

Trust: 0.8

title:HT5191url:http://support.apple.com/kb/HT5191

Trust: 0.8

title:HT5192url:http://support.apple.com/kb/HT5192

Trust: 0.8

title:Google Chromeurl:http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja

Trust: 0.8

title:stable-channel-update_16url:http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Trust: 0.8

title:naclurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41604

Trust: 0.6

title:IronPortableurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41603

Trust: 0.6

title:srware_ironurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41605

Trust: 0.6

sources: JVNDB: JVNDB-2011-002656 // CNNVD: CNNVD-201109-301

EXTERNAL IDS

db:NVDid:CVE-2011-2855

Trust: 3.2

db:SECUNIAid:48377

Trust: 1.7

db:SECUNIAid:48274

Trust: 1.7

db:SECUNIAid:48288

Trust: 1.7

db:SECTRACKid:1026774

Trust: 1.7

db:OSVDBid:75557

Trust: 1.7

db:JVNDBid:JVNDB-2011-002656

Trust: 0.8

db:CNNVDid:CNNVD-201109-301

Trust: 0.7

db:JUNIPERid:JSA10658

Trust: 0.3

db:BIDid:49658

Trust: 0.3

db:VULHUBid:VHN-50800

Trust: 0.1

db:PACKETSTORMid:110716

Trust: 0.1

db:PACKETSTORMid:110590

Trust: 0.1

db:PACKETSTORMid:110591

Trust: 0.1

db:PACKETSTORMid:106471

Trust: 0.1

sources: VULHUB: VHN-50800 // BID: 49658 // JVNDB: JVNDB-2011-002656 // PACKETSTORM: 110716 // PACKETSTORM: 110590 // PACKETSTORM: 110591 // PACKETSTORM: 106471 // CNNVD: CNNVD-201109-301 // NVD: CVE-2011-2855

REFERENCES

url:http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Trust: 2.1

url:http://lists.apple.com/archives/security-announce/2012/mar/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2012/mar/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2012/mar/msg00003.html

Trust: 1.7

url:http://code.google.com/p/chromium/issues/detail?id=92959

Trust: 1.7

url:http://osvdb.org/75557

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14485

Trust: 1.7

url:http://www.securitytracker.com/id?1026774

Trust: 1.7

url:http://secunia.com/advisories/48274

Trust: 1.7

url:http://secunia.com/advisories/48288

Trust: 1.7

url:http://secunia.com/advisories/48377

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/69882

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2855

Trust: 0.8

url:http://jvn.jp/cert/jvnvu428075/

Trust: 0.8

url:http://jvn.jp/cert/jvnvu479643/

Trust: 0.8

url:http://jvn.jp/cert/jvnvu341747/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2855

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-2847

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2011-2855

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2011-2854

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2011-2846

Trust: 0.4

url:http://support.apple.com/kb/ht5504

Trust: 0.3

url:http://www.google.com/chrome

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos2

Trust: 0.3

url:/archive/1/520068

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100153798

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100156064

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100158911

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2867

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3888

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2872

Trust: 0.3

url:http://support.apple.com/kb/ht1222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2877

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2871

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2869

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2860

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3885

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2873

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2870

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2868

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2857

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3897

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2825

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3908

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3909

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2833

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3887

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0585

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3928

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0586

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3881

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2866

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0584

Trust: 0.1

url:http://www.apple.com/safari/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0592

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0596

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0591

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0593

Trust: 0.1

url:http://www.apple.com/itunes/download/

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3453

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0587

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2841

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2351

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2847

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3875

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3890

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2350

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2848

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2853

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2835

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2837

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3879

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3888

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2859

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3881

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3889

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2351

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2844

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2843

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3876

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2844

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2345

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2837

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2845

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3877

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2349

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3880

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201111-01.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2347

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2841

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2835

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2349

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2861

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2862

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2852

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2838

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2849

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2346

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2858

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3891

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2855

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3887

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3878

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2840

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2854

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2850

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/05/beta-and-stable-channel-update.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2834

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3883

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2851

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2840

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2857

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2856

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2347

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2846

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2348

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2852

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2856

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2874

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2348

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2864

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2350

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2345

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2860

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3234

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2845

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2848

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3886

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2839

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3882

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3885

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2843

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-50800 // BID: 49658 // JVNDB: JVNDB-2011-002656 // PACKETSTORM: 110716 // PACKETSTORM: 110590 // PACKETSTORM: 110591 // PACKETSTORM: 106471 // CNNVD: CNNVD-201109-301 // NVD: CVE-2011-2855

CREDITS

Ryan Sleevi of the Chromium development community, electronixtar, wbrana, Michal Zalewski of the Google Security Team, Kostya Serebryany of the Chromium development community, kuzzcc, Mario Gomes, Aaron Sigel of vtty.com, Kostya Serebryany of the Chromium

Trust: 0.3

sources: BID: 49658

SOURCES

db:VULHUBid:VHN-50800
db:BIDid:49658
db:JVNDBid:JVNDB-2011-002656
db:PACKETSTORMid:110716
db:PACKETSTORMid:110590
db:PACKETSTORMid:110591
db:PACKETSTORMid:106471
db:CNNVDid:CNNVD-201109-301
db:NVDid:CVE-2011-2855

LAST UPDATE DATE

2024-11-23T21:00:47.697000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-50800date:2020-05-08T00:00:00
db:BIDid:49658date:2015-04-13T21:27:00
db:JVNDBid:JVNDB-2011-002656date:2012-03-21T00:00:00
db:CNNVDid:CNNVD-201109-301date:2020-05-09T00:00:00
db:NVDid:CVE-2011-2855date:2024-11-21T01:29:08.330

SOURCES RELEASE DATE

db:VULHUBid:VHN-50800date:2011-09-19T00:00:00
db:BIDid:49658date:2011-09-16T00:00:00
db:JVNDBid:JVNDB-2011-002656date:2011-11-02T00:00:00
db:PACKETSTORMid:110716date:2012-03-13T00:58:40
db:PACKETSTORMid:110590date:2012-03-08T22:22:22
db:PACKETSTORMid:110591date:2012-03-08T22:23:23
db:PACKETSTORMid:106471date:2011-11-01T15:58:39
db:CNNVDid:CNNVD-201109-301date:2011-09-20T00:00:00
db:NVDid:CVE-2011-2855date:2011-09-19T12:02:56.217