Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-5624
Last Modified 26 Feb 2013 12:00:00
Published 24 Feb 2013 02:55:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5624

Summary

The XMLHttpRequest object in Qt before 4.8.4 enables HTTP redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

  • Ubuntu 10.04

  • Ubuntu 11.10

  • Ubuntu 12.04

  • Ubuntu 12.10

Application

  • Digia Qt 1.41

  • Digia Qt 1.42

  • Digia Qt 1.43

  • Digia Qt 1.44

  • Digia Qt 1.45

  • Digia Qt 2.0.0

  • Digia Qt 2.0.1

  • Digia Qt 2.0.2

  • Digia Qt 3.3.0

  • Digia Qt 3.3.1

  • Digia Qt 3.3.2

  • Digia Qt 3.3.3

  • Digia Qt 3.3.4

  • Digia Qt 3.3.5

  • Digia Qt 3.3.6

  • Digia Qt 4.0.0

  • Digia Qt 4.0.1

  • Digia Qt 4.1.0

  • Digia Qt 4.1.1

  • Digia Qt 4.1.2

  • Digia Qt 4.1.3

  • Digia Qt 4.1.4

  • Digia Qt 4.1.5

  • Digia Qt 4.2.0

  • Digia Qt 4.2.1

  • Digia Qt 4.2.3

  • Digia Qt 4.3.0

  • Digia Qt 4.3.1

  • Digia Qt 4.3.2

  • Digia Qt 4.3.3

  • Digia Qt 4.3.4

  • Digia Qt 4.3.5

  • Digia Qt 4.4.0

  • Digia Qt 4.4.1

  • Digia Qt 4.4.2

  • Digia Qt 4.4.3

  • Digia Qt 4.5.0

  • Digia Qt 4.5.1

  • Digia Qt 4.5.2

  • Digia Qt 4.5.3

  • Digia Qt 4.6.0

  • Digia Qt 4.6.1

  • Digia Qt 4.6.2

  • Digia Qt 4.6.3

  • Digia Qt 4.6.4

  • Digia Qt 4.6.5

  • Digia Qt 4.7.0

  • Digia Qt 4.7.1

  • Digia Qt 4.7.2

  • Digia Qt 4.7.3

  • Digia Qt 4.7.4

  • Digia Qt 4.7.5

  • Digia Qt 4.7.6

  • Digia Qt 4.8.0

  • Digia Qt 4.8.1

  • Digia Qt 4.8.2

  • Digia Qt 4.8.3


References

CONFIRM - https://codereview.qt-project.org/#change,40034

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=883415

UBUNTU - USN-1723-1

MLIST - [oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection

SECUNIA - 52217

CONFIRM - http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71

MLIST - [Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection

SUSE - openSUSE-SU-2013:0157

SUSE - openSUSE-SU-2013:0154

SUSE - openSUSE-SU-2013:0143


Last Updated: 27 May 2016 11:01:56