6.5

CVE-2017-5120

EPSS 0.87%
Veröffentlicht 27.10.2017 05:29:02
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 61.0.3163.79

   Apple ≫ macOS Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Google ≫ Chrome Version < 61.0.3163.81

Google ≫ Android Version-

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.87%	0.739

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://security.gentoo.org/glsa/201709-15

http://www.debian.org/security/2017/dsa-3985

http://www.securityfocus.com/bid/100610

http://www.securitytracker.com/id/1039291

https://access.redhat.com/errata/RHSA-2017:2676

https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

https://crbug.com/718676

https://nvd.nist.gov/vuln/detail/CVE-2017-5120

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5120

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5120

EUVD