Skip to main content

Webkitgtk CVE-2018-11713

MEDIUM
2018-06-04 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 04, 2018 - 14:29 nvd
MEDIUM 6.5

DescriptionNVD

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.

AnalysisAI

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. Affected products include: Webkitgtk Webkitgtk\+, Gnome Libsoup. Version information: version 2.20.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-4162 HIGH POC
8.8 Apr 03

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-2363 MEDIUM POC
6.5 Feb 20

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2017-2373 HIGH POC
8.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-2365 MEDIUM POC
6.5 Feb 20

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2019-8375 CRITICAL POC
9.8 Feb 24

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products

CVE-2017-2369 HIGH POC
8.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2021-21806 HIGH POC
8.8 Jul 08

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. Rated high severity (CVSS 8.

CVE-2021-21779 HIGH POC
8.8 Jul 08

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Ra

CVE-2020-13584 HIGH POC
8.8 Dec 03

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.

CVE-2020-13543 HIGH POC
8.8 Dec 03

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CV

CVE-2018-12293 HIGH POC
8.8 Jun 19

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKi

CVE-2017-2360 HIGH POC
7.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati

Share

CVE-2018-11713 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy