FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-2853

This CVE name corresponds to:

Entered Topic
2013-07-10 chromium -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2013-2853 at cve.mitre.org

Details

Type Candidate
Name CVE-2013-2853
Phase Assigned(20130411)

Description

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

References

Source Reference
CONFIRM http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=44b400c80726ee5d205a27730a0c846be656a071
CONFIRM http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f4f9f4948de5a59462e13ad712d7d9117238aeea
CONFIRM http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
CONFIRM https://code.google.com/p/chromium/issues/detail?id=244260
DEBIAN DSA-2724
OVAL oval:org.mitre.oval:def:17033

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.