{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-09T00:00:00", "descriptions": [{"lang": "en", "value": "The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \\r\\n\\r\\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=244260"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071"}, {"name": "oval:org.mitre.oval:def:17033", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033"}, {"name": "DSA-2724", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2724"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2013-2853", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \\r\\n\\r\\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/chromium/issues/detail?id=244260", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=244260"}, {"name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=44b400c80726ee5d205a27730a0c846be656a071", "refsource": "CONFIRM", "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=44b400c80726ee5d205a27730a0c846be656a071"}, {"name": "oval:org.mitre.oval:def:17033", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033"}, {"name": "DSA-2724", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2724"}, {"name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"}, {"name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f4f9f4948de5a59462e13ad712d7d9117238aeea", "refsource": "CONFIRM", "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f4f9f4948de5a59462e13ad712d7d9117238aeea"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:52:20.637Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=244260"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071"}, {"name": "oval:org.mitre.oval:def:17033", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033"}, {"name": "DSA-2724", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2724"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-2853", "datePublished": "2013-07-10T10:00:00", "dateReserved": "2013-04-11T00:00:00", "dateUpdated": "2024-08-06T15:52:20.637Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2308189-A2A4-4BF4-9814-8635F24ABBC2", "versionEndIncluding": "28.0.1500.70", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:*", "matchCriteriaId": "2102F988-D7FE-4C6B-B071-FAB66D89CB0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A52A00D-37EB-4E71-A3D5-1A46F1868A41", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:*", "matchCriteriaId": "552543B1-4690-4175-A17D-54D7CA08BF2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:*", "matchCriteriaId": "4C4EDFF6-400C-45FD-A104-5F4279DAD71B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:*", "matchCriteriaId": "6EB3D069-0A5A-4D70-B04A-837B5C1B3AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:*", "matchCriteriaId": "512D0FC8-F545-4469-90F8-A080AEAB13A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:*", "matchCriteriaId": "79994932-02C8-46D8-8409-C687F7327A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6DE3E-E346-41EE-A9AA-D1EE21EF367E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:*", "matchCriteriaId": "D9C28433-3BB5-45E9-B141-822CEDB91578", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.11:*:*:*:*:*:*:*", "matchCriteriaId": "5089A0F8-8304-4103-A52F-0AD4D12AB377", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.12:*:*:*:*:*:*:*", "matchCriteriaId": "7907622E-FE9D-458A-B41D-BBDEDDE70B87", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.13:*:*:*:*:*:*:*", "matchCriteriaId": "7105D8C1-BE13-4A9C-A1E5-A153C51435BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.14:*:*:*:*:*:*:*", "matchCriteriaId": "288DC523-66DD-404E-9C35-19BB8C81AA8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.15:*:*:*:*:*:*:*", "matchCriteriaId": "6FC2E33D-BB49-4973-8D3F-B4067EBBDE10", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.16:*:*:*:*:*:*:*", "matchCriteriaId": "46C95C7A-BAC1-49D5-AD31-B379F05B5628", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.17:*:*:*:*:*:*:*", "matchCriteriaId": "5B037988-A751-4558-8BF0-554A811007A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.18:*:*:*:*:*:*:*", "matchCriteriaId": "CE39F0F7-9B61-4680-AD52-52524E20F110", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.19:*:*:*:*:*:*:*", "matchCriteriaId": "1DF1CC06-48DA-4384-AFC6-7A1119093459", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.20:*:*:*:*:*:*:*", "matchCriteriaId": "D6B20E39-F264-41C4-8B18-086E615A77C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.21:*:*:*:*:*:*:*", "matchCriteriaId": "C057174C-3F75-4407-B9F6-4F1E9D8842FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.22:*:*:*:*:*:*:*", "matchCriteriaId": "4745501F-8661-4641-8072-E0581BFC41C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.23:*:*:*:*:*:*:*", "matchCriteriaId": "F3BAA9F3-4A9F-4F2D-BE7C-9D8625690215", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.24:*:*:*:*:*:*:*", "matchCriteriaId": "E30C28BC-E337-4C6E-9F7D-681039AA541B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.25:*:*:*:*:*:*:*", "matchCriteriaId": "40113089-6D02-4B42-8FB2-B93AE6A0D4CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.26:*:*:*:*:*:*:*", "matchCriteriaId": "953AE711-6295-41BC-9B7C-485728946A11", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.27:*:*:*:*:*:*:*", "matchCriteriaId": "D4A82B23-6C3D-4AAA-B52D-B6B15E226E54", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.28:*:*:*:*:*:*:*", "matchCriteriaId": "F01C37C8-ABF7-4CDC-A718-633E5E103681", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.29:*:*:*:*:*:*:*", "matchCriteriaId": "C5DEB512-E8ED-4F5F-8031-4AED42B72B27", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.31:*:*:*:*:*:*:*", "matchCriteriaId": "0CAC9DDD-26D1-4A15-B36C-AE13079F6034", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.32:*:*:*:*:*:*:*", "matchCriteriaId": "D6F9522B-CF2F-40A8-BA0E-B338A9E871A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.33:*:*:*:*:*:*:*", "matchCriteriaId": "179DBEF9-FD04-4C44-A419-E8537A65D340", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.34:*:*:*:*:*:*:*", "matchCriteriaId": "B340E512-1D43-4DA2-B3A4-D33A0FB81375", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.35:*:*:*:*:*:*:*", "matchCriteriaId": "5263FDC2-B2A7-4AFB-B99D-C1F567A3B4AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.36:*:*:*:*:*:*:*", "matchCriteriaId": "A61378D0-E81E-4C71-8D87-178DDDFA4867", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.37:*:*:*:*:*:*:*", "matchCriteriaId": "8502E889-80C6-4E68-94B3-021EDD41FB2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.38:*:*:*:*:*:*:*", "matchCriteriaId": "9E4E8F52-CFC2-4531-BD67-66978E843DB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.39:*:*:*:*:*:*:*", "matchCriteriaId": "9082AAC1-9210-4759-9A6A-D25331936054", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.40:*:*:*:*:*:*:*", "matchCriteriaId": "D794F153-0D70-44BB-BF56-15F2B3B3DF95", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.41:*:*:*:*:*:*:*", "matchCriteriaId": "3AF97A34-B96D-4752-8004-EF2580BD3B0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.42:*:*:*:*:*:*:*", "matchCriteriaId": "1CF3D341-45E3-4741-A5FF-1CA1D1C84105", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.43:*:*:*:*:*:*:*", "matchCriteriaId": "49C331DD-69C4-43E1-A470-ED0CB560D331", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.44:*:*:*:*:*:*:*", "matchCriteriaId": "FF1AAE18-3565-463C-ABEA-51E6CBE08F7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.45:*:*:*:*:*:*:*", "matchCriteriaId": "B8B8408F-14F3-481D-AD1F-5AE2B11FD4DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.46:*:*:*:*:*:*:*", "matchCriteriaId": "7804BC53-2543-43B6-AB92-929EEB75704C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.47:*:*:*:*:*:*:*", "matchCriteriaId": "577FA02C-A930-43A5-B48F-0236DF20A007", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.48:*:*:*:*:*:*:*", "matchCriteriaId": "0BE2CE01-CEC2-4F54-A967-4E86E2014024", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.49:*:*:*:*:*:*:*", "matchCriteriaId": "71371339-DD76-41F1-8C1A-59CA3AD04707", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.50:*:*:*:*:*:*:*", "matchCriteriaId": "8C0FECB8-6EEF-4DF7-BD07-ECA8542FFA06", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.51:*:*:*:*:*:*:*", "matchCriteriaId": "F7037832-5B9F-4B8F-BFC0-51B660E14215", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.52:*:*:*:*:*:*:*", "matchCriteriaId": "6B0E12DD-4FDD-46BC-B85F-5A828CF8041E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.53:*:*:*:*:*:*:*", "matchCriteriaId": "761583AE-9299-4CCD-AAE6-AB031EBF8447", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.54:*:*:*:*:*:*:*", "matchCriteriaId": "592CE453-782B-4CE5-9396-C9FD9B7EEF88", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.56:*:*:*:*:*:*:*", "matchCriteriaId": "A1BB39B0-97DE-47B5-9E86-2B52873687AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.58:*:*:*:*:*:*:*", "matchCriteriaId": "798CA97C-2E50-495E-B57A-4940568F935D", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.59:*:*:*:*:*:*:*", "matchCriteriaId": "30C8219F-FEC8-4318-A94C-251F81BDBD9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.60:*:*:*:*:*:*:*", "matchCriteriaId": "E323736A-B834-4342-85FB-8FA970C76D88", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.61:*:*:*:*:*:*:*", "matchCriteriaId": "F876E661-9999-4566-88FA-D180DFF2A8C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.62:*:*:*:*:*:*:*", "matchCriteriaId": "72233F37-A5DC-4225-81DF-3FE80D3ABB48", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.63:*:*:*:*:*:*:*", "matchCriteriaId": "5064E54C-6B5E-4A23-A970-7AC2CD26401C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.64:*:*:*:*:*:*:*", "matchCriteriaId": "E7DF79D2-2CFA-4247-A92A-A998CB234E3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.66:*:*:*:*:*:*:*", "matchCriteriaId": "B4904FA7-84DD-4433-9FEE-B93D76AEC1F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:28.0.1500.68:*:*:*:*:*:*:*", "matchCriteriaId": "85DE6B5E-83AD-469D-A497-05B1715C895C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \\r\\n\\r\\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation."}, {"lang": "es", "value": "La implementaci\u00f3n HTTPS en Google Chrome anterior a 28.0.1500.71 no verifica que las cabeceras finalicen con \\r\\n\\r\\n (retorno de carro, nueva l\u00ednea, retorno de carro, nueva l\u00ednea), lo que permite a atacantes man-in-the-middle, provocar un impacto no especificado a trav\u00e9s de vectores que provocan un truncado de cabecera."}], "id": "CVE-2013-2853", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-07-10T10:55:01.783", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071"}, {"source": "chrome-cve-admin@google.com", "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea"}, {"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2013/dsa-2724"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=244260"}, {"source": "chrome-cve-admin@google.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/chromium/issues/detail?id=244260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}