CVE-2012-5624

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
digiaqt
𝑥
≤ 4.8.3
qtqt
1.41
qtqt
1.42
qtqt
1.43
qtqt
1.44
qtqt
1.45
qtqt
2.0.0
qtqt
2.0.1
qtqt
2.0.2
qtqt
3.3.0
qtqt
3.3.1
qtqt
3.3.2
qtqt
3.3.3
qtqt
3.3.4
qtqt
3.3.5
qtqt
3.3.6
qtqt
4.0.0
qtqt
4.0.1
qtqt
4.1.0
qtqt
4.1.1
qtqt
4.1.2
qtqt
4.1.3
qtqt
4.1.4
qtqt
4.1.5
qtqt
4.2.0
qtqt
4.2.1
qtqt
4.2.3
qtqt
4.3.0
qtqt
4.3.1
qtqt
4.3.2
qtqt
4.3.3
qtqt
4.3.4
qtqt
4.3.5
qtqt
4.4.0
qtqt
4.4.1
qtqt
4.4.2
qtqt
4.4.3
qtqt
4.5.0
qtqt
4.5.1
qtqt
4.5.2
qtqt
4.5.3
qtqt
4.6.0
qtqt
4.6.0:rc1
qtqt
4.6.1
qtqt
4.6.2
qtqt
4.6.3
qtqt
4.6.4
qtqt
4.6.5
qtqt
4.6.5:rc
qtqt
4.7.0
qtqt
4.7.1
qtqt
4.7.2
qtqt
4.7.3
qtqt
4.7.4
qtqt
4.7.5
qtqt
4.7.6
qtqt
4.7.6:rc
qtqt
4.8.0
qtqt
4.8.1
qtqt
4.8.2
canonicalubuntu_linux
10.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt4-x11
quantal
Fixed 4:4.8.3+dfsg-0ubuntu3.1
released
precise
Fixed 4:4.8.1-0ubuntu4.4
released
oneiric
Fixed 4:4.7.4-0ubuntu8.3
released
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71
http://secunia.com/advisories/52217
http://www.openwall.com/lists/oss-security/2012/12/04/8
http://www.ubuntu.com/usn/USN-1723-1
https://bugzilla.redhat.com/show_bug.cgi?id=883415
https://codereview.qt-project.org/#change%2C40034
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71
http://secunia.com/advisories/52217
http://www.openwall.com/lists/oss-security/2012/12/04/8
http://www.ubuntu.com/usn/USN-1723-1
https://bugzilla.redhat.com/show_bug.cgi?id=883415
https://codereview.qt-project.org/#change%2C40034