CVE-2015-6785 in Chromeinfo

Summary

The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

08/31/2015

Disclosure

12/05/2015

Moderation

VulDB entry created

Entries

VDB-79368 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

5.3

EPSS

0.00768

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-6785
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-6785
CVE Details	https://www.cvedetails.com/cve/CVE-2015-6785/

◂ Previous Overview Next ▸