
CVE-2017-5120

Published: 27/10/2017 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome before 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote malicious user to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).

Vulnerable Products

google chrome

debian debian linux 9.0

debian debian linux 10.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5111: Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-5112: Tobias Klein discovered a buffer overflow issue in the webgl library. CVE-2017-5113: A buffer overflow issue was discovered in the skia library. CVE-2017-5114 ...
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an htt ...
A potential issue leading to HTTPS downgrade during redirect navigation has been found in the Chromium browser < 61.0.3163.79 ...