CVE-2011-1295 - OpenCVE

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Safari
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os::::::::

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=74991	Permissions Required
http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html	Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html	Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html	Mailing List Third Party Advisory
http://secunia.com/advisories/43859	Third Party Advisory
http://support.apple.com/kb/HT4808	Third Party Advisory
http://support.apple.com/kb/HT4999	Third Party Advisory
http://www.securityfocus.com/bid/47029	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0765	Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/66302	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-03-25T19:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2011-03-06T00:00:00

Link: CVE-2011-1295

JSON object: View

NVD Information

Status : Analyzed

Published: 2011-03-25T19:55:01.073

Modified: 2020-05-29T20:36:02.277

Link: CVE-2011-1295

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2011-0765", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0765"}, {"name": "APPLE-SA-2011-10-12-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"}, {"name": "43859", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43859"}, {"name": "47029", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47029"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"}, {"name": "oval:org.mitre.oval:def:14269", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4999"}, {"name": "google-chrome-node-code-exec(66302)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66302"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4808"}, {"name": "APPLE-SA-2011-07-20-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=74991"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1295", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2011-0765", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0765"}, {"name": "APPLE-SA-2011-10-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"}, {"name": "43859", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43859"}, {"name": "47029", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47029"}, {"name": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"}, {"name": "oval:org.mitre.oval:def:14269", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269"}, {"name": "http://support.apple.com/kb/HT4999", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4999"}, {"name": "google-chrome-node-code-exec(66302)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66302"}, {"name": "http://support.apple.com/kb/HT4808", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4808"}, {"name": "APPLE-SA-2011-07-20-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"}, {"name": "http://code.google.com/p/chromium/issues/detail?id=74991", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=74991"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1295", "datePublished": "2011-03-25T19:00:00", "dateReserved": "2011-03-06T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FD5F182-154B-4054-B074-30D4EDA42D33", "versionEndExcluding": "10.0.648.204", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA42DFF0-41FC-4ADA-8F10-F18B32BA66C0", "versionEndExcluding": "5.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA5FD370-334D-48C5-946C-ADB9C5D7FCDF", "versionEndExcluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors."}, {"lang": "es", "value": "WebKit, tal y como es usado en Google Chrome anterior a versi\u00f3n 10.0.648.204 y Apple Safari anterior a la versi\u00f3n 5.0.6, no maneja apropiadamente el parentesco entre nodos, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n del \u00e1rbol DOM), conducir ataques de tipo cross-site scripting (XSS), o posiblemente tener otro impacto no especificado por medio de vectores desconocidos."}], "id": "CVE-2011-1295", "lastModified": "2020-05-29T20:36:02.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-03-25T19:55:01.073", "references": [{"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://code.google.com/p/chromium/issues/detail?id=74991"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43859"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4808"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4999"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/47029"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0765"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66302"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}