CVE-2011-1059 - OpenCVE

Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://code.google.com/p/chromium/issues/detail?id=70315
http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html
http://trac.webkit.org/changeset/77705
http://www.securityfocus.com/bid/46577
https://bugs.webkit.org/show_bug.cgi?id=52819
https://exchange.xforce.ibmcloud.com/vulnerabilities/65714
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13943

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-22T18:00:00

Updated: 2024-08-06T22:14:27.275Z

Reserved: 2011-02-22T00:00:00

Link: CVE-2011-1059

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-02-22T19:00:02.973

Modified: 2020-06-03T14:54:13.490

Link: CVE-2011-1059

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-17T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=70315"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.webkit.org/changeset/77705"}, {"name": "46577", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46577"}, {"name": "oval:org.mitre.oval:def:13943", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13943"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.webkit.org/show_bug.cgi?id=52819"}, {"name": "webkit-webcore-dos(65714)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65714"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1059", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://code.google.com/p/chromium/issues/detail?id=70315", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=70315"}, {"name": "http://trac.webkit.org/changeset/77705", "refsource": "CONFIRM", "url": "http://trac.webkit.org/changeset/77705"}, {"name": "46577", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46577"}, {"name": "oval:org.mitre.oval:def:13943", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13943"}, {"name": "https://bugs.webkit.org/show_bug.cgi?id=52819", "refsource": "CONFIRM", "url": "https://bugs.webkit.org/show_bug.cgi?id=52819"}, {"name": "webkit-webcore-dos(65714)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65714"}, {"name": "http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:27.275Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://code.google.com/p/chromium/issues/detail?id=70315"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.webkit.org/changeset/77705"}, {"name": "46577", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46577"}, {"name": "oval:org.mitre.oval:def:13943", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13943"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.webkit.org/show_bug.cgi?id=52819"}, {"name": "webkit-webcore-dos(65714)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65714"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1059", "datePublished": "2011-02-22T18:00:00", "dateReserved": "2011-02-22T00:00:00", "dateUpdated": "2024-08-06T22:14:27.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "9308C4AD-BE26-4710-B8B0-7A7C9B839A01", "versionEndExcluding": "11.0.672.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557."}, {"lang": "es", "value": "Vulnerabilidad uso despu\u00e9s de liberaci\u00f3n en WebCore en WebKit antes de r77705, tal y como se usa en Google Chrome antes de v11.0.672.2 y otros productos, permite a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente tener un impacto no especificado a trav\u00e9s de vectores que animan a un usuario a que vuelva a reenviar un formulario, en relaci\u00f3n con el manejo inadecuado de los elementos provisionales por el componente HistoryController. Es un problema tambien conocido como rdar 8938557."}], "id": "CVE-2011-1059", "lastModified": "2020-06-03T14:54:13.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-02-22T19:00:02.973", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://code.google.com/p/chromium/issues/detail?id=70315"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2011/02/dev-channel-update_17.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://trac.webkit.org/changeset/77705"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/46577"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.webkit.org/show_bug.cgi?id=52819"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65714"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13943"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}