{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-24T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2013:0157", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"}, {"name": "USN-1723-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1723-1"}, {"name": "52217", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52217"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"}, {"name": "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.qt-project.org/#change%2C40034"}, {"name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"}, {"name": "openSUSE-SU-2013:0154", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"}, {"name": "openSUSE-SU-2013:0143", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5624", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2013:0157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"}, {"name": "USN-1723-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1723-1"}, {"name": "52217", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52217"}, {"name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71", "refsource": "CONFIRM", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"}, {"name": "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"}, {"name": "https://codereview.qt-project.org/#change,40034", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#change,40034"}, {"name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", "refsource": "MLIST", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"}, {"name": "openSUSE-SU-2013:0154", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"}, {"name": "openSUSE-SU-2013:0143", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.054Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:0157", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"}, {"name": "USN-1723-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1723-1"}, {"name": "52217", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52217"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"}, {"name": "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codereview.qt-project.org/#change%2C40034"}, {"name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"}, {"name": "openSUSE-SU-2013:0154", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"}, {"name": "openSUSE-SU-2013:0143", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5624", "datePublished": "2013-02-24T19:00:00Z", "dateReserved": "2012-10-24T00:00:00Z", "dateUpdated": "2024-09-16T18:45:23.183Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F547829-91BE-4BF6-A19E-E592BC15FD8A", "versionEndIncluding": "4.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "EA9FC7F3-02BD-485A-AA1B-C5067F384683", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "DBA3424C-8257-445D-A9DC-1CD562651DFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "D954A35A-9BB8-4415-910D-C4AAEA2F5664", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E4F51F-52B4-4AB9-926C-EEDAC2052E34", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D6D3319-130D-49BF-8395-90E9F4D8583C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "510C5795-4E61-470F-BE62-A6732F4F0341", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.6.5:rc:*:*:*:*:*:*", "matchCriteriaId": "88365332-FA7E-42A6-BC52-4517EAAC90B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "8A505785-5597-4F5D-99A3-D143C1CCBFBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*", "matchCriteriaId": "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."}, {"lang": "es", "value": "El objeto XMLHttpRequest en Qt anterior a v4.8.4 permite la redirecci\u00f3n http al fichero scheme, lo que permite llevar a atacantes de hombre-en-medio (man-in-the-middle) forzar la lectura de ficheros locales arbitrarios y posiblemente obtener informaci\u00f3n sensible mediante un fichero: URL para una aplicaci\u00f3n QML."}], "evaluatorComment": "Per http://www.ubuntu.com/usn/USN-1723-1/\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\r\n Ubuntu 10.04 LTS\r\n", "id": "CVE-2012-5624", "lastModified": "2024-11-21T01:44:59.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-02-24T19:55:00.830", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"}, {"source": "secalert@redhat.com", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"}, {"source": "secalert@redhat.com", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52217"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1723-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"}, {"source": "secalert@redhat.com", "url": "https://codereview.qt-project.org/#change%2C40034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1723-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C40034"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Qt: QML XmlHttpRequest insecure redirection", "id": "883415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."], "name": "CVE-2012-5624", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "qt4", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-11-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5624\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5624"], "statement": "Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of qt3 and qt as shipped with Red Hat Enterprise Linux 6.", "threat_severity": "Low", "upstream_fix": "Qt 4.8.4"}