CVE-2015-6785 in Chromeالمعلومات

الملخص

بحسب MITRE

The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

حجز

31/08/2015

إفشاء

05/12/2015

الاعتدال

تمت الموافقة

إدخال

VDB-79368

EPSS

0.01721

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you want to use VulDB in your project?

Use the official API to access entries easily!