CVE-2013-2853

EPSS 0.32%
Published 10.07.2013 10:55:01
Last modified 11.04.2025 00:51:21
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 28.0.1500.70

Google ≫ Chrome Version28.0.1500.0

Google ≫ Chrome Version28.0.1500.2

Google ≫ Chrome Version28.0.1500.3

Google ≫ Chrome Version28.0.1500.4

Google ≫ Chrome Version28.0.1500.5

Google ≫ Chrome Version28.0.1500.6

Google ≫ Chrome Version28.0.1500.8

Google ≫ Chrome Version28.0.1500.9

Google ≫ Chrome Version28.0.1500.10

Google ≫ Chrome Version28.0.1500.11

Google ≫ Chrome Version28.0.1500.12

Google ≫ Chrome Version28.0.1500.13

Google ≫ Chrome Version28.0.1500.14

Google ≫ Chrome Version28.0.1500.15

Google ≫ Chrome Version28.0.1500.16

Google ≫ Chrome Version28.0.1500.17

Google ≫ Chrome Version28.0.1500.18

Google ≫ Chrome Version28.0.1500.19

Google ≫ Chrome Version28.0.1500.20

Google ≫ Chrome Version28.0.1500.21

Google ≫ Chrome Version28.0.1500.22

Google ≫ Chrome Version28.0.1500.23

Google ≫ Chrome Version28.0.1500.24

Google ≫ Chrome Version28.0.1500.25

Google ≫ Chrome Version28.0.1500.26

Google ≫ Chrome Version28.0.1500.27

Google ≫ Chrome Version28.0.1500.28

Google ≫ Chrome Version28.0.1500.29

Google ≫ Chrome Version28.0.1500.31

Google ≫ Chrome Version28.0.1500.32

Google ≫ Chrome Version28.0.1500.33

Google ≫ Chrome Version28.0.1500.34

Google ≫ Chrome Version28.0.1500.35

Google ≫ Chrome Version28.0.1500.36

Google ≫ Chrome Version28.0.1500.37

Google ≫ Chrome Version28.0.1500.38

Google ≫ Chrome Version28.0.1500.39

Google ≫ Chrome Version28.0.1500.40

Google ≫ Chrome Version28.0.1500.41

Google ≫ Chrome Version28.0.1500.42

Google ≫ Chrome Version28.0.1500.43

Google ≫ Chrome Version28.0.1500.44

Google ≫ Chrome Version28.0.1500.45

Google ≫ Chrome Version28.0.1500.46

Google ≫ Chrome Version28.0.1500.47

Google ≫ Chrome Version28.0.1500.48

Google ≫ Chrome Version28.0.1500.49

Google ≫ Chrome Version28.0.1500.50

Google ≫ Chrome Version28.0.1500.51

Google ≫ Chrome Version28.0.1500.52

Google ≫ Chrome Version28.0.1500.53

Google ≫ Chrome Version28.0.1500.54

Google ≫ Chrome Version28.0.1500.56

Google ≫ Chrome Version28.0.1500.58

Google ≫ Chrome Version28.0.1500.59

Google ≫ Chrome Version28.0.1500.60

Google ≫ Chrome Version28.0.1500.61

Google ≫ Chrome Version28.0.1500.62

Google ≫ Chrome Version28.0.1500.63

Google ≫ Chrome Version28.0.1500.64

Google ≫ Chrome Version28.0.1500.66

Google ≫ Chrome Version28.0.1500.68

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.517

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071

http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea

http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html

http://www.debian.org/security/2013/dsa-2724

https://code.google.com/p/chromium/issues/detail?id=244260

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033

https://nvd.nist.gov/vuln/detail/CVE-2013-2853

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2853

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2853

EUVD