Details of VAR-201112-0288

ID

VAR-201112-0288

CVE

CVE-2011-4692

TITLE

WebKit Vulnerabilities in which image data in browser cache is presumed

Trust: 0.8

sources: JVNDB: JVNDB-2011-003316

DESCRIPTION

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. WebKit is prone to an information-disclosure vulnerability. A remote attacker can exploit this issue to obtain sensitive information that may aid in further attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 1.98

sources: NVD: CVE-2011-4692 // JVNDB: JVNDB-2011-003316 // BID: 51050 // VULHUB: VHN-52637

AFFECTED PRODUCTS

vendor:	google	model:	chrome	scope:	lte	version:	15	Trust: 1.8
vendor:	apple	model:	safari	scope:	lte	version:	5.1.1	Trust: 1.8
vendor:	apple	model:	webkit	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.9
vendor:	apple	model:	webkit	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.220	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.101	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.94	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.57	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.100	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.223	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.303	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.20	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.43	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.300	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.203	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.105	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.10	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.211	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.18	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.221	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.104	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.12	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.213	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.306	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.102	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.204	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.307	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.208	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.128	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.19	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.301	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.14	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.15	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.205	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.16	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.17	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.204	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.222	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.215	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.127	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.65	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.225	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.21	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.107	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.302	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.219	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.310	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.218	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.103	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.217	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.224	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.112	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.71	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.100	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.13	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.91	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.308	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.84	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.210	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.550.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.107	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874.120	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.77	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.309	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.214	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.209	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.202	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.226	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.1	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.201	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.11	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.68	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.672.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874.121	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.163	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.549.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.304	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.207	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.112	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.212	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.305	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.216	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.237	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.344	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874102	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.206	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.133	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.215	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.205	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.200	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.186	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2-1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.202	Trust: 0.3

sources: BID: 51050 // JVNDB: JVNDB-2011-003316 // CNNVD: CNNVD-201112-093 // NVD: CVE-2011-4692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4692
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4692
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201112-093
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-52637
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4692
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-52637
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-52637 // JVNDB: JVNDB-2011-003316 // CNNVD: CNNVD-201112-093 // NVD: CVE-2011-4692

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-52637 // JVNDB: JVNDB-2011-003316 // NVD: CVE-2011-4692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-093

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201112-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003316

PATCH

title:	Top Page	url:	http://www.apple.com/	Trust: 0.8
title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8

sources: JVNDB: JVNDB-2011-003316

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4692	Trust: 2.8
db:	JVNDB	id:	JVNDB-2011-003316	Trust: 0.8
db:	CNNVD	id:	CNNVD-201112-093	Trust: 0.7
db:	NSFOCUS	id:	18334	Trust: 0.6
db:	NSFOCUS	id:	18376	Trust: 0.6
db:	BID	id:	51050	Trust: 0.4
db:	VULHUB	id:	VHN-52637	Trust: 0.1

sources: VULHUB: VHN-52637 // BID: 51050 // JVNDB: JVNDB-2011-003316 // CNNVD: CNNVD-201112-093 // NVD: CVE-2011-4692

REFERENCES

url:	http://oxplot.github.com/visipisi/visipisi.html	Trust: 2.0
url:	http://lcamtuf.coredump.cx/cachetime/	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14098	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4692	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4692	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/18376	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18334	Trust: 0.6
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-52637 // BID: 51050 // JVNDB: JVNDB-2011-003316 // CNNVD: CNNVD-201112-093 // NVD: CVE-2011-4692

CREDITS

Unknown

Trust: 0.3

sources: BID: 51050

SOURCES

db:	VULHUB	id:	VHN-52637
db:	BID	id:	51050
db:	JVNDB	id:	JVNDB-2011-003316
db:	CNNVD	id:	CNNVD-201112-093
db:	NVD	id:	CVE-2011-4692

LAST UPDATE DATE

2024-11-23T22:35:33.885000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-52637	date:	2017-09-19T00:00:00
db:	BID	id:	51050	date:	2015-03-19T08:34:00
db:	JVNDB	id:	JVNDB-2011-003316	date:	2011-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201112-093	date:	2011-12-09T00:00:00
db:	NVD	id:	CVE-2011-4692	date:	2024-11-21T01:32:47.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-52637	date:	2011-12-07T00:00:00
db:	BID	id:	51050	date:	2011-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2011-003316	date:	2011-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201112-093	date:	2011-12-09T00:00:00
db:	NVD	id:	CVE-2011-4692	date:	2011-12-07T19:55:03.267