CVE-2013-2853

EUVD-2013-2792
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS Score percentile: 54%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| google | chrome | 𝑥 ≤ 28.0.1500.70 |
| google | chrome | 28.0.1500.0 |
| google | chrome | 28.0.1500.2 |
| google | chrome | 28.0.1500.3 |
| google | chrome | 28.0.1500.4 |
| google | chrome | 28.0.1500.5 |
| google | chrome | 28.0.1500.6 |
| google | chrome | 28.0.1500.8 |
| google | chrome | 28.0.1500.9 |
| google | chrome | 28.0.1500.10 |
| google | chrome | 28.0.1500.11 |
| google | chrome | 28.0.1500.12 |
| google | chrome | 28.0.1500.13 |
| google | chrome | 28.0.1500.14 |
| google | chrome | 28.0.1500.15 |
| google | chrome | 28.0.1500.16 |
| google | chrome | 28.0.1500.17 |
| google | chrome | 28.0.1500.18 |
| google | chrome | 28.0.1500.19 |
| google | chrome | 28.0.1500.20 |
| google | chrome | 28.0.1500.21 |
| google | chrome | 28.0.1500.22 |
| google | chrome | 28.0.1500.23 |
| google | chrome | 28.0.1500.24 |
| google | chrome | 28.0.1500.25 |
| google | chrome | 28.0.1500.26 |
| google | chrome | 28.0.1500.27 |
| google | chrome | 28.0.1500.28 |
| google | chrome | 28.0.1500.29 |
| google | chrome | 28.0.1500.31 |
| google | chrome | 28.0.1500.32 |
| google | chrome | 28.0.1500.33 |
| google | chrome | 28.0.1500.34 |
| google | chrome | 28.0.1500.35 |
| google | chrome | 28.0.1500.36 |
| google | chrome | 28.0.1500.37 |
| google | chrome | 28.0.1500.38 |
| google | chrome | 28.0.1500.39 |
| google | chrome | 28.0.1500.40 |
| google | chrome | 28.0.1500.41 |
| google | chrome | 28.0.1500.42 |
| google | chrome | 28.0.1500.43 |
| google | chrome | 28.0.1500.44 |
| google | chrome | 28.0.1500.45 |
| google | chrome | 28.0.1500.46 |
| google | chrome | 28.0.1500.47 |
| google | chrome | 28.0.1500.48 |
| google | chrome | 28.0.1500.49 |
| google | chrome | 28.0.1500.50 |
| google | chrome | 28.0.1500.51 |
| google | chrome | 28.0.1500.52 |
| google | chrome | 28.0.1500.53 |
| google | chrome | 28.0.1500.54 |
| google | chrome | 28.0.1500.56 |
| google | chrome | 28.0.1500.58 |
| google | chrome | 28.0.1500.59 |
| google | chrome | 28.0.1500.60 |
| google | chrome | 28.0.1500.61 |
| google | chrome | 28.0.1500.62 |
| google | chrome | 28.0.1500.63 |
| google | chrome | 28.0.1500.64 |
| google | chrome | 28.0.1500.66 |
| google | chrome | 28.0.1500.68 |

𝑥 = Vulnerable software versions
Ubuntu Releases
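| Ubuntu Product | Codename | Status |
|---|---|---|
| chromium-browser | lucid | ignored |
| chromium-browser | precise | Fixed 28.0.1500.71-0ubuntu1.12.04.1 (released) |
| chromium-browser | quantal | Fixed 28.0.1500.71-0ubuntu1.12.10.1 (released) |
| chromium-browser | raring | Fixed 28.0.1500.71-0ubuntu1.13.04.1 (released) |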