CVE-2015-1244

EUVD-2015-1385
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
debiandebian_linux
8.0
googlechrome
𝑥
≤ 42.0.2311.60
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
ignored
trusty
Fixed 43.0.2357.81-0ubuntu0.14.04.1.1089
released
utopic
Fixed 43.0.2357.81-0ubuntu0.14.10.1.1131
released
vivid
Fixed 43.0.2357.81-0ubuntu0.15.04.1.1170
released
wily
Fixed 43.0.2357.81-0ubuntu1.1179
released
oxide-qt
lucid
dne
precise
dne
trusty
Fixed 1.6.5-0ubuntu0.14.04.1
released
utopic
Fixed 1.6.5-0ubuntu0.14.10.1
released
vivid
Fixed 1.6.5-0ubuntu0.15.04.1
released
wily
Fixed 1.7.7-0ubuntu0.15.04.1~ppa1
released
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://ubuntu.com/usn/usn-2570-1
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010
https://code.google.com/p/chromium/issues/detail?id=455215
https://security.gentoo.org/glsa/201506-04
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://ubuntu.com/usn/usn-2570-1
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010
https://code.google.com/p/chromium/issues/detail?id=455215
https://security.gentoo.org/glsa/201506-04