CVE-2015-1244

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
debiandebian_linux
8.0
googlechrome
𝑥
≤ 42.0.2311.60
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
wily
Fixed 43.0.2357.81-0ubuntu1.1179
released
vivid
Fixed 43.0.2357.81-0ubuntu0.15.04.1.1170
released
utopic
Fixed 43.0.2357.81-0ubuntu0.14.10.1.1131
released
trusty
Fixed 43.0.2357.81-0ubuntu0.14.04.1.1089
released
precise
ignored
lucid
ignored
oxide-qt
wily
Fixed 1.7.7-0ubuntu0.15.04.1~ppa1
released
vivid
Fixed 1.6.5-0ubuntu0.15.04.1
released
utopic
Fixed 1.6.5-0ubuntu0.14.10.1
released
trusty
Fixed 1.6.5-0ubuntu0.14.04.1
released
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://ubuntu.com/usn/usn-2570-1
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010
https://code.google.com/p/chromium/issues/detail?id=455215
https://security.gentoo.org/glsa/201506-04
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://ubuntu.com/usn/usn-2570-1
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010
https://code.google.com/p/chromium/issues/detail?id=455215
https://security.gentoo.org/glsa/201506-04