Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5851

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5851
Last Modified 19 Nov 2012 11:51:01
Published 15 Nov 2012 06:58:40
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5851

Summary

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

Vulnerable Systems

Application

  • Apple Safari 5.1.7

  • Apple Webkit

  • Google Chrome 22.0.1229.0

  • Google Chrome 22.0.1229.1

  • Google Chrome 22.0.1229.10

  • Google Chrome 22.0.1229.11

  • Google Chrome 22.0.1229.12

  • Google Chrome 22.0.1229.14

  • Google Chrome 22.0.1229.16

  • Google Chrome 22.0.1229.17

  • Google Chrome 22.0.1229.18

  • Google Chrome 22.0.1229.2

  • Google Chrome 22.0.1229.20

  • Google Chrome 22.0.1229.21

  • Google Chrome 22.0.1229.22

  • Google Chrome 22.0.1229.23

  • Google Chrome 22.0.1229.24

  • Google Chrome 22.0.1229.25

  • Google Chrome 22.0.1229.26

  • Google Chrome 22.0.1229.27

  • Google Chrome 22.0.1229.28

  • Google Chrome 22.0.1229.29

  • Google Chrome 22.0.1229.3

  • Google Chrome 22.0.1229.31

  • Google Chrome 22.0.1229.32

  • Google Chrome 22.0.1229.33

  • Google Chrome 22.0.1229.35

  • Google Chrome 22.0.1229.36

  • Google Chrome 22.0.1229.37

  • Google Chrome 22.0.1229.39

  • Google Chrome 22.0.1229.4

  • Google Chrome 22.0.1229.48

  • Google Chrome 22.0.1229.49

  • Google Chrome 22.0.1229.50

  • Google Chrome 22.0.1229.51

  • Google Chrome 22.0.1229.52

  • Google Chrome 22.0.1229.53

  • Google Chrome 22.0.1229.54

  • Google Chrome 22.0.1229.55

  • Google Chrome 22.0.1229.56

  • Google Chrome 22.0.1229.57

  • Google Chrome 22.0.1229.58

  • Google Chrome 22.0.1229.59

  • Google Chrome 22.0.1229.6

  • Google Chrome 22.0.1229.60

  • Google Chrome 22.0.1229.62

  • Google Chrome 22.0.1229.63

  • Google Chrome 22.0.1229.64

  • Google Chrome 22.0.1229.65

  • Google Chrome 22.0.1229.67

  • Google Chrome 22.0.1229.7

  • Google Chrome 22.0.1229.76

  • Google Chrome 22.0.1229.78

  • Google Chrome 22.0.1229.79

  • Google Chrome 22.0.1229.8

  • Google Chrome 22.0.1229.89

  • Google Chrome 22.0.1229.9

  • Google Chrome 22.0.1229.91

  • Google Chrome 22.0.1229.92

  • Google Chrome 22.0.1229.94

  • Google Chrome 22.0.1229.95

  • Google Chrome 22.0.1229.96


References

CONFIRM - https://bugs.webkit.org/show_bug.cgi?id=92692

MISC - http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html

XF - webkit-webcore-sec-bypass(80072)


Last Updated: 27 May 2016 10:58:28